Systems and methods for secure electronic transfers

ABSTRACT

Systems and methods including one or more processors and one or more non-transitory storage devices storing computing instructions configured to run on the one or more processors and perform receiving, from a payee system for a payee, a request for a transfer from a payor to the payee, wherein: the payor is associated with a payor user profile of the payee system; and the request comprises a transfer token associated with the payor and the payee; retrieving transfer data based on the transfer token, wherein: the transfer data is associated with the transfer token, a payor financial institution for the payor, and a selected payor account owned by the payor and maintained by the payor financial institution; and the transfer data comprises an access token for the payor financial institution and the payor; using the access token to access one or more eligible payor accounts owned by the payor and maintained by the payor financial institution, the one or more eligible payor accounts comprising the selected payor account; determining a fraud risk score for the transfer; transmitting, to a payee financial institution for the payee, the fraud risk score, wherein: the payee financial institution is configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer; and the payee account is owned by the payee and maintained by the payee financial institution; and when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account. Other embodiments are disclosed herein.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is continuation of Ser. No. 17/824,878, filed May 25, 2022, and also is a continuation-in-part of, and claims priority to U.S. patent application Ser. No. 17/191,358, filed Mar. 3, 2021. This application further claims the benefit of U.S. Provisional Application Ser. No. 63/281,855, filed Nov. 22, 2021. U.S. patent application Ser. No. 17/824,878 claims the benefit of U.S. Provisional Application Ser. No. 63/192,182, filed May 25, 2021. Provisional Application Ser. Nos. 63/192,182 and 63/281,855 and patent application Ser. Nos. 17/191,358 and 17/824,878 are herein incorporated by this reference in its entirety.

TECHNICAL FIELD

This disclosure relates generally to electronic transfers, and more particularly relates to systems and methods for secure, instantaneous transfers.

BACKGROUND

Digital assets (e.g., cryptocurrencies, non-fungible tokens (NFTs), electronically held bank accounts, etc.) have become more prevalent in today's world as a means of exchange. While this increased prevalence has come with new advantages, it has also lead to a number of new problems. For example, owners of digital assets often expect that the transfers of such assets will happen in real time (e.g., instantaneously or almost instantaneously), but operators of digital asset sources (e.g., cryptocurrency exchanges, banks, NFT market operators, etc.) must ensure that these transfers are secure so that the chances of digital fraud are minimized. These two goals of real time transfers and secure transfers can be in competition with each other in prior systems for electronic transfers of digital assets because a faster transfer gives an operator less time to perform due diligence on the transfer. Therefore, there is a need for a system to securely and quickly transfer digital assets.

BRIEF DESCRIPTION OF THE DRAWINGS

To facilitate further description of the embodiments, the following drawings are provided in which:

FIG. 1 illustrates a front elevational view of a computer system that is suitable for implementing various embodiments of the systems disclosed in FIGS. 3 and 5;

FIG. 2 illustrates a representative block diagram of an example of the elements included in the circuit boards inside a chassis of the computer system of FIG. 1;

FIG. 3 illustrates a representative block diagram of a system, according to an embodiment;

FIG. 4 illustrates a flowchart for a method, according to certain embodiments;

FIG. 5 illustrates a representative block diagram of a system, according to an additional embodiment;

FIG. 6 illustrates a representative block diagram of a system, according to an embodiment;

FIG. 7 illustrates a flowchart for a method, according to an embodiment;

FIG. 8 illustrates a flowchart for a method, according to an embodiment;

FIG. 9 illustrates a flowchart for a method, according to an embodiment;

FIG. 10 illustrates a flowchart for a method, according to an embodiment;

FIG. 11 illustrates a flowchart for a method, according to an embodiment; and

FIG. 12 illustrates a flowchart for a method, according to an embodiment.

For simplicity and clarity of illustration, the drawing figures illustrate the general manner of construction, and descriptions and details of well-known features and techniques may be omitted to avoid unnecessarily obscuring the present disclosure.

Additionally, elements in the drawing figures are not necessarily drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help improve understanding of embodiments of the present disclosure. The same reference numerals in different figures denote the same elements.

The terms “first,” “second,” “third,” “fourth,” and the like in the description and in the claims, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms “include,” and “have,” and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, device, or apparatus that comprises a list of elements is not necessarily limited to those elements, but may include other elements not expressly listed or inherent to such process, method, system, article, device, or apparatus.

The terms “left,” “right,” “front,” “back,” “top,” “bottom,” “over,” “under,” and the like in the description and in the claims, if any, are used for descriptive purposes and not necessarily for describing permanent relative positions. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the apparatus, methods, and/or articles of manufacture described herein are, for example, capable of operation in other orientations than those illustrated or otherwise described herein.

The terms “couple,” “coupled,” “couples,” “coupling,” and the like should be broadly understood and refer to connecting two or more elements mechanically and/or otherwise. Two or more electrical elements may be electrically coupled together, but not be mechanically or otherwise coupled together. Coupling may be for any length of time, e.g., permanent or semi-permanent or only for an instant. “Electrical coupling” and the like should be broadly understood and include electrical coupling of all types.

The absence of the word “removably,” “removable,” and the like near the word “coupled,” and the like does not mean that the coupling, etc. in question is or is not removable.

As defined herein, two or more elements are “integral” if they are comprised of the same piece of material. As defined herein, two or more elements are “non-integral” if each is comprised of a different piece of material.

As defined herein, “real-time” can, in some embodiments, be defined with respect to operations carried out as soon as practically possible upon occurrence of a triggering event. A triggering event can include receipt of data necessary to execute a task or to otherwise process information. Because of delays inherent in transmission and/or in computing speeds, the term “real time” encompasses operations that occur in “near” real time or somewhat delayed from a triggering event. In a number of embodiments, “real time” can mean real time less a time delay for processing (e.g., determining) and/or transmitting data. The particular time delay can vary depending on the type and/or amount of the data, the processing speeds of the hardware, the transmission capability of the communication hardware, the transmission distance, etc. However, in many embodiments, the time delay can be less than approximately one second, two seconds, five seconds, or ten seconds.

As defined herein, “approximately” can, in some embodiments, mean within plus or minus ten percent of the stated value. In other embodiments, “approximately” can mean within plus or minus five percent of the stated value. In further embodiments, “approximately” can mean within plus or minus three percent of the stated value. In yet other embodiments, “approximately” can mean within plus or minus one percent of the stated value.

Description of Examples of Embodiments

A number of embodiments can include a first system. The system can include one or more processors and one or more non-transitory computer-readable storage devices storing computing instructions. The computing instructions can be configured to run on the one or more processors and perform: receiving a request for a transfer from a user device of a user, the transfer being from a source of funds owned by the user to a destination account owned by a third-party; coordinating displaying, on the user device of the user, at least one transfer method of a plurality of transfer methods for the transfer; receiving, from the user device of the user, a selection of the at least one transfer method of the plurality of transfer methods; receiving a token from an operator of the source of funds owned by the user, the token being unique to the third-party; transferring the token to the third-party; after transferring the token to the third-party, receiving the token and transfer details of the transfer from the third-party; in response to receiving the token and the transfer details, determining a fraud risk score for the transfer; and when the fraud risk score satisfies a predetermined threshold, facilitating the transfer from the user to the third-party.

Various embodiments include a first method. The method can be implemented via execution of computing instructions configured to run at one or more processors and configured to be stored at non-transitory computer-readable media. The method can comprise receiving a request for a transfer from a user device of a user, the transfer being from a source of funds owned by the user to a destination account owned by a third-party; coordinating displaying, on the user device of the user, at least one transfer method of a plurality of transfer methods for the transfer; receiving, from the user device of the user, a selection of the at least one transfer method of the plurality of transfer methods; receiving a token from an operator of the source of funds owned by the user, the token being unique to the third-party; transferring the token to the third-party; after transferring the token to the third-party, receiving the token and transfer details of the transfer from the third-party; in response to receiving the token and the transfer details, determining a fraud risk score for the transfer; and when the fraud risk score satisfies a predetermined threshold, facilitating the transfer from the user to the third-party.

Various embodiments can include a second system. The system can include one or more processors and one or more non-transitory computer-readable media storing computing instructions. When executed on the one or more processors, the computing instructions can perform certain acts. In many embodiments, the acts can include receiving, from a payee system for a payee, a request for a transfer from a payor to the payee. In some embodiments, the acts further can include causing a payor device of the payor to display a plurality of candidate financial institutions for the payor to determine a payor financial institution of the plurality of candidate financial institutions for the transfer. The acts also can include causing the payor device to display an authorization user interface for the payor to authorize the payor financial institution to grant an access code to the system. In certain embodiments, the acts additionally can include validating that the access code is authentic. The authorization user interface additionally can be configured to allow the payor to log into a payor user account at the payor financial institution.

Meanwhile, the acts further can include, in response to the payor financial institution granting the access code, requesting, from the payor financial institution, one or more eligible payor accounts owned by the payor and maintained by the payor financial institution. The payor user account at the payor financial institution can be associated with the one or more eligible payor accounts. In a number of embodiments, the acts further can include causing the payor device to display the one or more eligible payor accounts for the payor to determine a selected payor account of the one or more eligible payor accounts for the transfer. The acts additionally can include determining a fraud risk score for the transfer. In some embodiments, the act of determining the fraud risk score for the transfer can include analyzing a transfer history of the payee. Moreover, the acts can include transmitting, to a payee financial institution for the payee, the fraud risk score. The payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on: (a) the fraud risk score, and (b) information about a payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution. Further, the acts can include: when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account.

In a number of embodiments, the act of determining the fraud risk score further can include determining the fraud risk score by using a first risk model. The payee financial institution further can be configured to determine the transfer decision based at least in part on a second risk model to determine a second fraud risk score. In many embodiments, the act of facilitating the transfer from the selected payor account to the payee account further can include transmitting, to the payor financial institution, the fraud risk score for the payor financial institution to determine a second transfer decision based at least in part on the fraud risk score. In certain embodiments, the payor financial institution can be configured to perform certain approval processes before effectuating the transfer. The payor financial institution can be configured to determine the second transfer decision based at least in part on comparing a balance for the selected payor account with a transfer amount for the transfer. The payor financial institution further can be configured to determine the second transfer decision based at least in part on a third risk model to determine a third fraud risk score.

In some embodiments, the first risk model, the second risk model, and/or third risk model each can include any suitable hardware and/or software configured to implement one or more suitable fraud risk scoring algorithms based on pertinent information (e.g., information about the transfer, a transaction history of the payee and/or the payee account, etc.). Each of the first risk model, the second risk model, and/or third risk model can be similar or different from each other in that the hardware, software, algorithms, and/or information used for determining the respective fraud risk scores can be similar or different.

In a number of embodiments, the acts further can include a token-based authentication process for increased security. For example, the act of requesting the one or more eligible payor accounts further can include obtaining, from the payor financial institution, an access token associated with the payor. In certain embodiments, the access token can be similar or identical to the access token described above. The access token can be issued to the system by the payor financial institution after the system is granted the access code to communicate with the payor financial institution. The access token can be uniquely associated with the payor or the payor user account. The access token further can be configured to allow the system to perform certain tasks or access certain resources (e.g., requesting the one or more eligible payor accounts, or authorizing the transfer of funds, etc.) at the payor financial institution on behalf of the payor. In some embodiments, the access token can be used by not only the system but also any other devices, systems, and/or models that hold the access token. In similar or different embodiments, the access token further can include an expiration date and/or time, after which the access token becomes unusable. For an access token that can be used by any bearer of the access token, the access token including an expiration time can lower the risk of unauthorized access or leak of the payor's confidential information and/or protected resources.

In several embodiments, the act of requesting the one or more eligible payor accounts further can include obtaining, from the payor financial institution, a refresh token associated with the access token. The refresh token can be configured to extend the time for the system to communicate with and/or access protected resources at the payor financial institution. For example, the act of requesting the one or more eligible payor accounts further can include when the refresh token is valid, requesting the payor financial institution to renew an expired access token associated with the refresh token without prompting the payor to re-log in and/or re-authorize access. The act of requesting the one or more eligible payor accounts also can include, when the refresh token and the access token are expired, causing the payor device of the payor to display the authorization user interface for the payor to authorize the payor financial institution to renew the access token and the refresh token. In many embodiments, the refresh token can be obtained from the payor financial institution at the same time when the system obtains a new access token. The refresh token further can include an expiration time (e.g., an hour, 24 hours, 3 days, a week, or a month) that is longer than that of the access token (e.g., 1 minute, 3 minutes, 5 minutes, or 30 minutes). In many embodiments, the acts performed by the computing instructions of the second system further can include one or more of the activities or acts of any of the embodiments described above.

Various embodiments include a second method. The method can be implemented via execution of computing instructions configured to run at one or more processors and configured to be stored at non-transitory computer-readable media. In many embodiments, the method can include receiving, from a payee system for a payee, a request for a transfer from a payor to the payee. The method further can include causing the payor device to display an authorization user interface for the payor to authorize a payor financial institution to grant an access code to the system or the one or more processors performing the method. The method also can include, in response to the payor financial institution granting the access code, requesting, from the payor financial institution, one or more eligible payor accounts owned by the payor and maintained by the payor financial institution.

In a number of embodiments, the method further can include causing the payor device to display the one or more eligible payor accounts for the payor to determine a selected payor account of the one or more eligible payor accounts for the transfer. The method additionally can include determining a fraud risk score for the transfer. Moreover, the method can include transmitting, to a payee financial institution for the payee, the fraud risk score. The payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on: (a) the fraud risk score, and (b) information about a payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution. The method further can include, when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account. In many embodiments, the method further can include one or more of the activities or acts of any of the embodiments described above. In a number of embodiments, the method can be adopted to allow the payor who is not registered with the payee system to authorize a one-time transfer (e.g., a guest checkout) between the payor financial institution and the payee financial institution.

Various embodiments can include a third system. The system can include one or more processors and one or more non-transitory computer-readable media storing computing instructions. When executed on the one or more processors, the computing instructions can perform certain acts. In many embodiments, the acts can include receiving, from a payee system for a payee, a request for a transfer from a payor to the payee. The payor can be associated with a payor user profile of the payee system. The payee system can be configured to transmit the request pursuant to an instruction by the payor. For example, the payee system can transmit the request for a transfer after the payor chooses a transfer method and authorize the transfer for a purchase at the payee system.

In a number of embodiments, the acts further can include causing a payor device for the payor to display an authorization user interface for the payor to authorize a payor financial institution to grant an access code to the system. In embodiments where the transfer method acceptable to the payee system is associated with a plurality of candidate financial institutions, the acts further can include causing the payor device to display the plurality of candidate financial institutions for the payor to determine the payor financial institution of the plurality of candidate financial institutions for the transfer. In many embodiments, the authorization user interface also can be configured to allow the payor to log into a payor user account at the payor financial institution before authorizing the payor financial institution to grant the access code to the system. The access code can be transmitted to the system directly or indirectly. In some embodiments, the acts also can include validating that the access code is authentic to ensure that the access code is not counterfeited or re-used and that the access to any protected resources of the payor is authorized.

In a number of embodiments, the acts additionally can include requesting, from the payor financial institution, one or more eligible payor accounts owned by the payor and maintained by the payor financial institution. The one or more eligible payor accounts can be associated with the payor user account. The acts further can include causing the payor device to display the one or more eligible payor accounts for the payor to determine a selected payor account of the one or more eligible payor accounts for the transfer. In some embodiments, the acts further can include determining a fraud risk score for the transfer. Determining the fraud risk score can be implemented by any suitable hardware, software, risk models, and/or risk data associated with the payee. In certain embodiments, the act of determining the fraud risk score can include analyzing a transfer history of the payee.

In a number of embodiments, the acts further can include transmitting, to a payee financial institution for the payee, the fraud risk score. The payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution. In certain embodiments, transmitting the fraud risk score to the payee financial institution can cause or accompany an instruction to cause the payee financial institution to determine the transfer decision. The acts further can include when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account.

The acts further can include after facilitating the transfer, generating a transfer token associated with the payor and the payee. The transfer token can be associated with transfer data for the transfer. The transfer data can include information about the transfer that has been performed, such as information about the payor, the payee, the status of the transfer (e.g., “sent”, “failed”, “disapproved”, etc.), the payor financial institution, the payee financial institution, the selected payor account, the payor user profile of the payee system, and/or the payor user account with the payor financial institution, etc. In a number of embodiments, the acts also can include storing the transfer data for the transfer. The acts additionally can include transmitting the transfer token to the payee system. The payee system can store the transfer token with or into the payor user profile for future use.

In a number of embodiments, determining the fraud risk score further can include determining the fraud risk score by using a first risk model. The payee financial institution further can be configured to determine the transfer decision based at least in part on a second risk model to determine a second fraud risk score. The first risk model can be similar or different from the second risk model. In certain embodiments, the risk data for the first risk model to determine the fraud risk score also can be similar or different from the risk data for the second risk model.

In many embodiments, facilitating the transfer from the selected payor account to the payee account further can include transmitting, to the payor financial institution, the fraud risk score for the payor financial institution to determine a second transfer decision based at least in part on the fraud risk score. In some embodiments, the payor financial institution can be configured to determine the second transfer decision after receiving the fraud risk score and/or a transfer instruction. In certain embodiments, the fraud risk score transmitted to the payor financial institution can be accompanied by a request to cause the payor financial institution to determine the second transfer decision.

In embodiments where the payor financial institution is configured to determine the second transfer decision, the payor financial institution can be further configured to determine the second transfer decision based at least in part on: (a) a third risk model to determine a third fraud risk score; and/or (b) comparing a balance for the selected payor account with a transfer amount for the transfer. The third risk model can be similar or different from the first risk model and/or second risk model described above. Further, the risk data for the third risk model to determine the third fraud risk score also can be similar or different from the risk data for the first risk model and/or second risk model.

The risk data for the third risk model can include the fraud risk score. In many embodiments, after comparing, when the balance for the selected payor account is less than the transfer amount for the transfer, the second transfer decision can include a denial for the transfer.

In many embodiments, the act of requesting the one or more eligible payor accounts from the payor financial institution can include: (a) obtaining, from the payor financial institution, an access token associated with the payor; (b) obtaining, from the payor financial institution, a refresh token associated with the access token; (c) when the refresh token is valid, requesting the payor financial institution to renew the access token; and/or (d) when the refresh token and the access token are expired, causing the payor device for the payor to display the authorization user interface for the payor to authorize the payor financial institution to renew the access token and the refresh token.

In a number of embodiments, the transfer data for the transfer further can include the access token and/or the refresh token for the transfer. In many embodiments, the acts performed by the computing instructions of the third system further can include one or more of the activities or acts of any of the embodiments described above.

Various embodiments include a third method. The method can be implemented via execution of computing instructions configured to run at one or more processors and configured to be stored at non-transitory computer-readable media. In many embodiments, the method can include receiving, from a payee system for a payee, a request for a transfer from a payor to the payee. The payor can be associated with a payor user profile of the payee system. The method further can include causing a payor device for the payor to display an authorization user interface for the payor to authorize a payor financial institution to grant an access code to the one or more processors. In addition, the method can include requesting, from the payor financial institution, one or more eligible payor accounts owned by the payor and maintained by the payor financial institution. The method also can include causing the payor device to display the one or more eligible payor accounts for the payor to determine a selected payor account of the one or more eligible payor accounts for the transfer.

In many embodiments, the method further can include determining a fraud risk score for the transfer. The method additionally can include transmitting, to a payee financial institution for the payee, the fraud risk score. In some embodiments, the payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer, and the payee account can be owned by the payee and maintained by the payee financial institution. The method further can include, when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account.

Furthermore, the method also can include one or more post-transfer activities. For example, the method can include: (a) generating a transfer token associated with the payor and the payee; (b) storing transfer data for the transfer, the transfer data being associated with the transfer token; and/or (c) transmitting the transfer token to the payee system. The payee system can store the transfer token with or into the payor user profile.

The transfer data can include any information related to the transfer, such as information about the access token, the refresh token, the payor, the payee, etc. In some embodiments, one or more of these post-transfer activities each can be performed when the transfer decision by the payee financial institution includes an approval or after the transfer is successful or completed. In many embodiments, the method further can include one or more of the activities or acts of any of the embodiments described above.

In a number of embodiments, the method can be adopted to allow the payor who has a payor user profile of the payee system but has never used a transfer method between the payor financial institution and the payee financial institution to authorize the transfer and have the transfer data saved for future use, if any.

Various embodiments can include a fourth system. The system can include one or more processors and one or more non-transitory computer-readable media storing computing instructions. When executed on the one or more processors, the computing instructions can perform certain acts. In many embodiments, the acts can include receiving, from a payee system for a payee, a request for a transfer from a payor to the payee. The request for the transfer can be generated and/or transmitted in response to a checkout command from the payor with a selected transfer method (e.g., a real-time fund transfer between bank accounts, etc.). The payor can be associated with a payor user profile of the payee system. The request can include a transfer token associated with the payor and the payee.

The transfer token can be generated or updated after the previous transfer and stored with or in the payor user profile.

In some embodiments, the acts further can include retrieving transfer data based on the transfer token. The transfer data can be associated with the transfer token, a payor financial institution for the payor, and/or a selected payor account owned by the payor and maintained by the payor financial institution. The transfer data can include an access token for the payor financial institution and the payor. When the access token is valid (e.g., not expired), the access token can be re-used for the system to re-connect with and to regain access to resources of the payor at the payor financial institution. In a number of embodiments, the acts also can include using the access token to access one or more eligible payor accounts owned by the payor and maintained by the payor financial institution. The one or more eligible payor accounts can include the selected payor account.

In a number of embodiments, the acts further can include determining a fraud risk score for the transfer. The act of determining the fraud risk score can be similar or identical to the act of determining the fraud risk score in any of the embodiments described above.

For example, determining the fraud risk score can include analyzing a transfer history of the payee. In some embodiments, the acts also can include transmitting, to a payee financial institution for the payee, the fraud risk score. The payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution.

The acts further can include when the transfer decision includes an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account.

In many embodiments, the acts further can include one or more of: (a) causing a payor device for the payor to display a plurality of candidate financial institutions for the transfer, the plurality of candidate financial institutions comprising the payor financial institution, and receiving, from the payor device, a selection of the payor financial institution of the plurality of candidate financial institutions; (b) causing the payor device to display the one or more eligible payor accounts for the payor to determine the selected payor account of the one or more eligible payor accounts for the transfer; (c) validating that the transfer token is authentic; and/or (d) determining whether the access token is expired.

In a number of embodiments, the acts additionally can include, in response to determining that the access token is expired, either (a) causing the payor device to display an authorization user interface for the payor to authorize the payor financial institution to renew the access token; or (b) determining whether a refresh token of the transfer data for the access token is expired, and when the refresh token is valid, causing the payor financial institution to renew the access token; and when the refresh token is expired, causing the payor device to display the authorization user interface for the payor to authorize the payor financial institution to renew the access token and the refresh token. In several embodiments, the authorization user interface for the payor to authorize the payor financial institution to renew the access token further can be configured to allow the payor to log into a payor user account with the payor financial institution. The payor user account can be associated with the one or more eligible payor accounts. In some embodiments, the acts further can include, in response to either (a) receiving the selection of the payor financial institution, or (b) the payor determining the selected payor account, updating the transfer data for the transfer.

In many embodiments, the acts further can include one or more acts in the embodiments described above. For example, the respective risk models for the system, the payee financial institution, and/or the payor financial institution for determining the respective fraud risk scores can be similar or identical to any of the one or more risk models for the system, the payee financial institution, and/or the payor financial institution in the other embodiments. The payee financial institution, and/or the payor financial institution each can be configured to determine whether and how the fraud risk score transmitted from the system can be used to determine the respective transfer decision for the transfer. In many embodiments, the acts performed by the computing instructions of the fourth system further can include one or more of the activities or acts of any of the embodiments described above.

Various embodiments include a fourth method. The method can be implemented via execution of computing instructions configured to run at one or more processors and configured to be stored at non-transitory computer-readable media. In many embodiments, the method can include receiving, from a payee system for a payee, a request for a transfer from a payor to the payee. The payor can be associated with a payor user profile of the payee system. The request can include a transfer token associated with the payor and the payee. The method further can include retrieving transfer data based on the transfer token. The transfer data can be associated with the transfer token, a payor financial institution for the payor, and a selected payor account owned by the payor and maintained by the payor financial institution. The transfer data can include an access token for the payor financial institution and the payor. In some embodiments, the acts further can include using the access token to access one or more eligible payor accounts owned by the payor and maintained by the payor financial institution. The one or more eligible payor accounts can include the selected payor account.

In a number of embodiments, the method also can include determining a fraud risk score for the transfer. The method further can include transmitting, to a payee financial institution for the payee, the fraud risk score. The payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer. In addition, the payee account can be owned by the payee and maintained by the payee financial institution. Moreover, the method can include when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account. In many embodiments, the method further can include one or more of the activities or acts of any of the embodiments described above. For example, the method can include renewing the access token when a refresh token is valid and/or storing the transfer data after facilitating the transfer. In a number of embodiments, the method can be used by the payor (who has used a transfer method in the past) to skip the login process for a faster and smoother checkout experience.

Various embodiments can include a fifth system. The system can include one or more processors and one or more non-transitory computer-readable media storing computing instructions. When executed on the one or more processors, the computing instructions can perform certain acts. In many embodiments, the acts can include receiving a request for a transfer from a selected payor account of a payor to a payee. The acts further can include determining a fraud risk score for the transfer. Determining the fraud risk score can be implemented in any suitable way, including analyzing a transfer history of the payee. The acts also can include transmitting, to a payee financial institution for the payee, the fraud risk score. In some embodiments, the payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution.

In many embodiments, the acts further can include when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account. The act of facilitating the transfer can include sending transfer information to a payor financial institution to cause the payor financial institution to send a request for payment through a real-time settlement network to the payee financial institution to authorize a real-time credit transfer from the selected payor account to the payee account. The real-time credit transfer can be settled in real-time through the real-time settlement network. The transfer information can include: (a) information to identify the payee financial institution and the payee account to the real-time settlement network; and/or (b) the fraud risk score. Further, in some embodiments, the transfer information does not include an account number of the payee account.

In a number of embodiments, the act of determining the fraud risk score further can include determining the fraud risk score by using a first risk model. The payee financial institution further can be configured to determine the transfer decision based at least in part on a second risk model to determine a second fraud risk score. The first risk model can be similar to or different than the second risk model.

In several embodiments, facilitating the transfer from the selected payor account to the payee account further can include transmitting, to the payor financial institution, the fraud risk score for the payor financial institution to determine a second transfer decision based at least in part on the fraud risk score. In similar or different embodiments, determining the fraud risk score further can include determining the fraud risk score by using a first risk model. The payor financial institution further can be configured to determine the second transfer decision based at least in part on: (a) a third risk model to determine a third fraud risk score; and/or (b) comparing a balance for the selected payor account with a transfer amount for the transfer. The third risk model can be similar to or different than the first risk model and/or the second risk model.

In a number of embodiments, the acts further can include before determining the fraud risk score for the transfer: (a) facilitating an authorization for the payor to authorize the payor financial institution to grant an access code; (b) requesting, from the payor financial institution, one or more eligible payor accounts owed by the payor and maintained by the payor financial institution; and (c) causing a payor device of the payor to display the one or more eligible payor accounts for the payor to determine the selected payor account from among the one or more eligible payor accounts for the transfer. In many embodiments, the acts performed by the computing instructions of the fifth system further can include one or more of the activities or acts of any of the embodiments described above.

Various embodiments include a fifth method. The method can be implemented via execution of computing instructions configured to run at one or more processors and configured to be stored at non-transitory computer-readable media. In many embodiments, the method can include receiving a request for a transfer from a selected payor account of a payor to a payee. The method further can include determining a fraud risk score for the transfer. The method additionally can include transmitting, to a payee financial institution for the payee, the fraud risk score, wherein the payee financial institution is configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution.

In a number of embodiments, the method further can include when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account. The act of facilitating the transfer can include: sending transfer information to a payor financial institution to cause the payor financial institution to send a request for payment through a real-time settlement network to the payee financial institution to authorize a real-time credit transfer from the selected payor account to the payee account, wherein the real-time credit transfer is settled in real-time through the real-time settlement network. In many embodiments, the method further can include one or more of the activities or acts of any of the embodiments described above.

Various embodiments can include a sixth system. The system can include one or more processors and one or more non-transitory computer-readable media storing computing instructions. When executed on the one or more processors, the computing instructions can perform certain acts. In many embodiments, the acts can include receiving, from a payee system for a payee, a request for a transfer from a payor to the payee. The request can be sent by the payee without the payor selecting to use the system for the transfer.

The payor can be associated with a payor user profile of the payee system. The request can include a transfer token associated with the payor and the payee.

In some embodiments, the acts further can include retrieving transfer data based on the transfer token. The transfer data can be associated with the transfer token, a payor financial institution for the payor, and a selected payor account owned by the payor and maintained by the payor financial institution. The transfer data can include an access token for the payor financial institution and the payor. In a number of embodiments, the access token can be used to prevent unauthorized access of the payor's protected resources at the payor financial institution. For example, the access token can include an expiration date and/or time. In some embodiments, the acts further can include determining whether the access token is expired. The acts also can include determining whether a refresh token of the transfer data for the access token is expired. Further, the acts can include when the refresh token is valid, causing the payor financial institution to renew the access token.

In a number of embodiments, the acts also can include determining a fraud risk score for the transfer. The act of determining the fraud risk score can include determining the fraud risk score by: (a) using a first risk model; and/or (b) analyzing a transfer history of the payee. In some embodiments, the acts further can include, before determining the fraud risk score for the transfer, determining the payor financial institution based on the transfer token.

In many embodiments, the acts further can include transmitting, to a payee financial institution for the payee, the fraud risk score. The payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution.

In some embodiments, the acts further can include, when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account. The payee financial institution further can be configured to determine the transfer decision based at least in part on a second risk model to determine a second fraud risk score. The second risk model can be similar to or different than the first risk model for the system.

In several embodiments, the act of facilitating the transfer from the selected payor account to the payee account further can include transmitting, to the payor financial institution, the fraud risk score for the payor financial institution to determine a second transfer decision based at least in part on the fraud risk score. The payor financial institution further can be configured to determine the second transfer decision based at least in part on a third risk model to determine a third fraud risk score. The third risk model can be similar to or different than any of the first risk model for the system or the second risk model for the payee financial institution. In certain embodiments, the payor financial institution further can be configured to determine the second transfer decision based at least in part on comparing a balance for the selected payor account with a transfer amount for the transfer. In many embodiments, the acts performed by the computing instructions of the sixth system further can include one or more of the activities or acts of any of the embodiments described above.

Various embodiments include a sixth method. The method can be implemented via execution of computing instructions configured to run at one or more processors and configured to be stored at non-transitory computer-readable media. In many embodiments, the method can include receiving, at a system from a payee system for a payee, a request for a transfer from a payor to the payee. The request can be sent by the payee without the payor selecting to use the system for the transfer. The payor can be associated with a payor user profile of the payee system. The request can comprise a transfer token associated with the payor and the payee.

In a number of embodiments, the method further can include retrieving transfer data based on the transfer token. The transfer data can be associated with the transfer token, a payor financial institution for the payor, and a selected payor account owned by the payor and maintained by the payor financial institution. The transfer data can include an access token for the payor financial institution and the payor.

The method further can include determining a fraud risk score for the transfer. The method also can include transmitting, to a payee financial institution for the payee, the fraud risk score. The payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution. In many embodiments, the method further can include when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account. In many embodiments, the method further can include one or more of the activities or acts of any of the embodiments described above. In a number of embodiments, the method can be used for automatic transfer from the payor to the payee in various transactions (e.g., installment payments or subscription billings).

Turning to the drawings, FIG. 1 illustrates an exemplary embodiment of a computer system 100, all of which or a portion of which can be suitable for (i) implementing part or all of one or more embodiments of the techniques, methods, and systems and/or (ii) implementing and/or operating part or all of one or more embodiments of the memory storage modules described herein. As an example, a different or separate one of a chassis 102 (and its internal components) can be suitable for implementing part or all of one or more embodiments of the techniques, methods, and/or systems described herein. Furthermore, one or more elements of computer system 100 (e.g., a monitor 106, a keyboard 104, and/or a mouse 110, etc.) also can be appropriate for implementing part or all of one or more embodiments of the techniques, methods, and/or systems described herein. Computer system 100 can comprise chassis 102 containing one or more circuit boards (not shown), a Universal Serial Bus (USB) port 112, a Compact Disc Read-Only Memory (CD-ROM) and/or Digital Video Disc (DVD) drive 116, and a hard drive 114. A representative block diagram of the elements included on the circuit boards inside chassis 102 is shown in FIG. 2. A central processing unit (CPU) 210 in FIG. 2 is coupled to a system bus 214 in FIG. 2. In various embodiments, the architecture of CPU 210 can be compliant with any of a variety of commercially distributed architecture families.

Continuing with FIG. 2, system bus 214 also is coupled to a memory storage unit 208, where memory storage unit 208 can comprise (i) non-volatile memory, such as, for example, read only memory (ROM) and/or (ii) volatile memory, such as, for example, random access memory (RAM). The non-volatile memory can be removable and/or non-removable non-volatile memory. Meanwhile, RAM can include dynamic RAM (DRAM), static RAM (SRAM), etc. Further, ROM can include mask-programmed ROM, programmable ROM (PROM), one-time programmable ROM (OTP), erasable programmable read-only memory (EPROM), electrically erasable programmable ROM (EEPROM) (e.g., electrically alterable ROM (EAROM) and/or flash memory), etc. In these or other embodiments, memory storage unit 208 can comprise (i) non-transitory memory and/or (ii) transitory memory.

In many embodiments, all or a portion of memory storage unit 208 can be referred to as memory storage module(s) and/or memory storage device(s). In various examples, portions of the memory storage module(s) of the various embodiments disclosed herein (e.g., portions of the non-volatile memory storage module(s)) can be encoded with a boot code sequence suitable for restoring computer system 100 (FIG. 1) to a functional state after a system reset. In addition, portions of the memory storage module(s) of the various embodiments disclosed herein (e.g., portions of the non-volatile memory storage module(s)) can comprise microcode such as a Basic Input-Output System (BIOS) operable with computer system 100 (FIG. 1). In the same or different examples, portions of the memory storage module(s) of the various embodiments disclosed herein (e.g., portions of the non-volatile memory storage module(s)) can comprise an operating system, which can be a software program that manages the hardware and software resources of a computer and/or a computer network. The BIOS can initialize and test components of computer system 100 (FIG. 1) and load the operating system. Meanwhile, the operating system can perform basic tasks such as, for example, controlling and allocating memory, prioritizing the processing of instructions, controlling input and output devices, facilitating networking, and managing files. Exemplary operating systems can comprise one of the following: (i) Microsoft® Windows® operating system (OS) by Microsoft Corp. of Redmond, Wash., United States of America, (ii) Mac® OS X by Apple Inc. of Cupertino, Calif., United States of America, (iii) UNIX® OS, and (iv) Linux® OS. Further exemplary operating systems can comprise one of the following: (i) the iOS® operating system by Apple Inc. of Cupertino, Calif., United States of America, (ii) the Blackberry® operating system by Research In Motion (RIM) of Waterloo, Ontario, Canada, (iii) the WebOS operating system by LG Electronics of Seoul, South Korea, (iv) the Android™ operating system developed by Google, of Mountain View, Calif., United States of America, (v) the Windows Mobile™ operating system by Microsoft Corp. of Redmond, Wash., United States of America, or (vi) the Symbian™ operating system by Accenture PLC of Dublin, Ireland.

As used herein, “processor” and/or “processing module” means any type of computational circuit, such as but not limited to a microprocessor, a microcontroller, a controller, a complex instruction set computing (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, a graphics processor, a digital signal processor, or any other type of processor or processing circuit capable of performing the desired functions. In some examples, the one or more processing modules of the various embodiments disclosed herein can comprise CPU 210.

Alternatively, or in addition to, the systems and procedures described herein can be implemented in hardware, or a combination of hardware, software, and/or firmware. For example, one or more application specific integrated circuits (ASICs) can be programmed to carry out one or more of the systems and procedures described herein. For example, one or more of the programs and/or executable program components described herein can be implemented in one or more ASICs. In many embodiments, an application specific integrated circuit (ASIC) can comprise one or more processors or microprocessors and/or memory blocks or memory storage.

In the depicted embodiment of FIG. 2, various I/O devices such as a disk controller 204, a graphics adapter 224, a video controller 202, a keyboard adapter 226, a mouse adapter 206, a network adapter 220, and other I/O devices 222 can be coupled to system bus 214. Keyboard adapter 226 and mouse adapter 206 are coupled to keyboard 104 (FIGS. 1-2) and mouse 110 (FIGS. 1-2), respectively, of computer system 100 (FIG. 1). While graphics adapter 224 and video controller 202 are indicated as distinct units in FIG. 2, video controller 202 can be integrated into graphics adapter 224, or vice versa in other embodiments. Video controller 202 is suitable for monitor 106 (FIGS. 1-2) to display images on a screen 108 (FIG. 1) of computer system 100 (FIG. 1). Disk controller 204 can control hard drive 114 (FIGS. 1-2), USB port 112 (FIGS. 1-2), and CD-ROM drive 116 (FIGS. 1-2). In other embodiments, distinct units can be used to control each of these devices separately.

Network adapter 220 can be suitable to connect computer system 100 (FIG. 1) to a computer network by wired communication (e.g., a wired network adapter) and/or wireless communication (e.g., a wireless network adapter). In some embodiments, network adapter 220 can be plugged or coupled to an expansion port (not shown) in computer system 100 (FIG. 1). In other embodiments, network adapter 220 can be built into computer system 100 (FIG. 1). For example, network adapter 220 can be built into computer system 100 (FIG. 1) by being integrated into the motherboard chipset (not shown), or implemented via one or more dedicated communication chips (not shown), connected through a PCI (peripheral component interconnector) or a PCI express bus of computer system 100 (FIG. 1) or USB port 112 (FIG. 1).

Returning now to FIG. 1, although many other components of computer system 100 are not shown, such components and their interconnection are well known to those of ordinary skill in the art. Accordingly, further details concerning the construction and composition of computer system 100 and the circuit boards inside chassis 102 are not discussed herein.

Meanwhile, when computer system 100 is running, program instructions (e.g., computer instructions) stored on one or more of the memory storage module(s) of the various embodiments disclosed herein can be executed by CPU 210 (FIG. 2). At least a portion of the program instructions, stored on these devices, can be suitable for carrying out at least part of the techniques and methods described herein.

Further, although computer system 100 is illustrated as a desktop computer in FIG. 1, there can be examples where computer system 100 may take a different form factor while still having functional elements similar to those described for computer system 100. In some embodiments, computer system 100 may comprise a single computer, a single server, or a cluster or collection of computers or servers, or a cloud of computers or servers. Typically, a cluster or collection of servers can be used when the demand on computer system 100 exceeds the reasonable capability of a single server or computer. In certain embodiments, computer system 100 may comprise a portable computer, such as a laptop computer. In certain other embodiments, computer system 100 may comprise a mobile electronic device, such as a smartphone. In certain additional embodiments, computer system 100 may comprise an embedded system.

Turning ahead in the drawings, FIG. 3 illustrates a block diagram of a system 300 that can be employed for secure electronic transfers, as described in greater detail below. System 300 is merely exemplary and embodiments of the system are not limited to the embodiments presented herein. System 300 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, certain elements or modules of system 300 can perform various procedures, processes, and/or activities. In these or other embodiments, the procedures, processes, and/or activities can be performed by other suitable elements or modules of system 300.

Generally, therefore, system 300 can be implemented with hardware and/or software, as described herein. In some embodiments, part or all of the hardware and/or software can be conventional, while in these or other embodiments, part or all of the hardware and/or software can be customized (e.g., optimized) for implementing part or all of the functionality of system 300 described herein.

In some embodiments, system 300 can include one or more of a system server 310, a first operator server 320, a second operator server 330, a user device 340, and/or a third party device 350. In various embodiments, system server 310, first operator server 320, second operator server 330, user device 340, and/or third party device 350 can each be a computer system, such as computer system 100 (FIG. 1), as described above, and can each be a single computer, a single server, or a cluster or collection of computers or servers, or a cloud of computers or servers. In another embodiment, a single computer system can host each of two or more of system server 310, first operator server 320, second operator server 330, user device 340, and/or third party device 350. Additional details regarding system server 310, first operator server 320, second operator server 330, user device 340, and/or third party device 350 are described herein.

In many embodiments, third party device 350 can comprise a register or some other type of transaction processing machine. In some embodiments, user device 340 and/or third party device 350 can be mobile devices. A mobile electronic device can refer to a portable electronic device (e.g., an electronic device easily conveyable by hand by a person of average size) with the capability to present audio and/or visual data (e.g., text, images, videos, music, etc.). For example, a mobile electronic device can comprise at least one of a digital media player, a cellular telephone (e.g., a smartphone), a personal digital assistant, a handheld digital computer device (e.g., a tablet personal computer device), a laptop computer device (e.g., a notebook computer device, a netbook computer device), a wearable user computer device, or another portable computer device with the capability to present audio and/or visual data (e.g., images, videos, music, etc.). Thus, in many examples, a mobile electronic device can comprise a volume and/or weight sufficiently small as to permit the mobile electronic device to be easily conveyable by hand. For examples, in some embodiments, a mobile electronic device can occupy a volume of less than or equal to approximately 1790 cubic centimeters, 2434 cubic centimeters, 2876 cubic centimeters, 4056 cubic centimeters, and/or 5752 cubic centimeters. Further, in these embodiments, a mobile electronic device can weigh less than or equal to 15.6 Newtons, 17.8 Newtons, 22.3 Newtons, 31.2 Newtons, and/or 44.5 Newtons.

Exemplary mobile electronic devices can comprise (i) an iPod®, iPhone®, iTouch®, iPad®, MacBook® or similar product by Apple Inc. of Cupertino, Calif., United States of America, (ii) a Blackberry® or similar product by Research in Motion (RIM) of Waterloo, Ontario, Canada, (iii) a Lumia® or similar product by the Nokia Corporation of Keilaniemi, Espoo, Finland, and/or (iv) a Galaxy™ or similar product by the Samsung Group of Samsung Town, Seoul, South Korea. Further, in the same or different embodiments, a mobile electronic device can comprise an electronic device configured to implement one or more of (i) the iPhone® operating system by Apple Inc. of Cupertino, Calif., United States of America, (ii) the Blackberry® operating system by Research In Motion (RIM) of Waterloo, Ontario, Canada, (iii) the Palm® operating system by Palm, Inc. of Sunnyvale, Calif., United States, (iv) the Android™ operating system developed by the Open Handset Alliance, (v) the Windows Mobile™ operating system by Microsoft Corp. of Redmond, Wash., United States of America, or (vi) the Symbian™ operating system by Nokia Corp. of Keilaniemi, Espoo, Finland.

Further still, the term “wearable user computer device” as used herein can refer to an electronic device with the capability to present audio and/or visual data (e.g., text, images, videos, music, etc.) that is configured to be worn by a user and/or mountable (e.g., fixed) on the user of the wearable user computer device (e.g., sometimes under or over clothing; and/or sometimes integrated with and/or as clothing and/or another accessory, such as, for example, a hat, eyeglasses, a wrist watch, shoes, etc.). In many examples, a wearable user computer device can comprise a mobile electronic device, and vice versa. However, a wearable user computer device does not necessarily comprise a mobile electronic device, and vice versa.

In specific examples, a wearable user computer device can comprise a head mountable wearable user computer device (e.g., one or more head mountable displays, one or more eyeglasses, one or more contact lenses, one or more retinal displays, etc.) or a limb mountable wearable user computer device (e.g., a smart watch). In these examples, a head mountable wearable user computer device can be mountable in close proximity to one or both eyes of a user of the head mountable wearable user computer device and/or vectored in alignment with a field of view of the user.

In more specific examples, a head mountable wearable user computer device can comprise (i) Google Glass™ product or a similar product by Google Inc. of Menlo Park, Calif., United States of America; (ii) the Eye Tap™ product, the Laser Eye Tap™ product, or a similar product by ePI Lab of Toronto, Ontario, Canada, and/or (iii) the Raptyr™ product, the STAR 1200™ product, the Vuzix Smart Glasses M100™ product, or a similar product by Vuzix Corporation of Rochester, N.Y., United States of America. In other specific examples, a head mountable wearable user computer device can comprise the Virtual Retinal Display™ product, or similar product by the University of Washington of Seattle, Wash., United States of America. Meanwhile, in further specific examples, a limb mountable wearable user computer device can comprise the iWatch™ product, or similar product by Apple Inc. of Cupertino, Calif., United States of America, the Galaxy Gear or similar product of Samsung Group of Samsung Town, Seoul, South Korea, the Moto 360 product or similar product of Motorola of Schaumburg, Ill., United States of America, and/or the Zip™ product, One™ product, Flex™ product, Charge™ product, Surge™ product, or similar product by Fitbit Inc. of San Francisco, Calif., United States of America.

In many embodiments, system 300 can comprise graphical user interfaces (“GUI”) 360, 361. In the same or different embodiments, GUI 360 can be part of and/or displayed by user device 340, while GUI 361 can be part of and/or displayed by third party device 350. In these embodiments, GUI 360 can be different than GUI 361. For example, GUI 360 can comprise a transfer offering GUI while GUI 361 can comprise a transfer accepting GUI. In some embodiments, GUI 360, 361 can comprise text and/or graphics (image) based user interfaces. In the same or different embodiments, GUI 360, 361 can comprise a heads up display (“HUD”). When GUI 360, 361 comprises a HUD, GUI 360, 361 can be projected onto glass or plastic, displayed in midair as a hologram, or displayed on monitor 106 (FIG. 1). In various embodiments, GUI 360, 361 can be color or black and white. In many embodiments, GUI 360, 361 can comprise an application running on a computer system, such as computer system 100, user device 340, and/or third party device 350. In the same or different embodiments, GUI 360, 361 can comprise a website accessed through internet 370. In some embodiments, GUI 360, 361 can comprise an eCommerce website. In these or other embodiments, GUI 361 can comprise an administrative (e.g., back end) GUI allowing an administrator to modify and/or change one or more settings in system 300. In the same or different embodiments, GUI 360, 361 can be displayed as or on a virtual reality (VR) and/or augmented reality (AR) system or display. In some embodiments, an interaction with a GUI can comprise a click, a look, a selection, a grab, a view, a purchase, a bid, a swipe, a pinch, a reverse pinch, etc.

In many embodiments, system server 310, first operator server 320, second operator server 330, user device 340, and/or third party device 350 can each comprise one or more input devices (e.g., one or more keyboards, one or more keypads, one or more pointing devices such as a computer mouse or computer mice, one or more touchscreen displays, a microphone, etc.), and/or can each comprise one or more display devices (e.g., one or more monitors, one or more touch screen displays, projectors, etc.). In these or other embodiments, one or more of the input device(s) can be similar or identical to keyboard 104 (FIG. 1) and/or a mouse 110 (FIG. 1). Further, one or more of the display device(s) can be similar or identical to monitor 106 (FIG. 1) and/or screen 108 (FIG. 1). The input device(s) and the display device(s) can be coupled to the processing module(s) and/or the memory storage module(s) of system server 310, first operator server 320, second operator server 330, user device 340, and/or third party device 350 in a wired manner and/or a wireless manner, and the coupling can be direct and/or indirect, as well as locally and/or remotely. As an example of an indirect manner (which may or may not also be a remote manner), a keyboard-video-mouse (KVM) switch can be used to couple the input device(s) and the display device(s) to the processing module(s) and/or the memory storage module(s). In some embodiments, the KVM switch also can be part of system server 310, first operator server 320, second operator server 330, user device 340, and/or third party device 350. In a similar manner, the processing module(s) and the memory storage module(s) can be local and/or remote to each other.

In many embodiments, system server 310, first operator server 320, second operator server 330, user device 340, and/or third party device 350 can be configured to communicate with one another. In some embodiments, system server 310, first operator server 320, second operator server 330, user device 340, and/or third party device 350 can communicate or interface (e.g., interact) with each other through a network or internet 370. Internet 370 can be an intranet that is not open to the public. In further embodiments, Internet 370 can be a mesh network of individual systems. In various embodiments, Internet 370 can comprise a real time payment (RTP) network. For example, Internet 370 can comprise The Clearing House RTP network and/or the Zelle® network. Accordingly, in many embodiments, system server 310, first operator server 320, second operator server 330, and/or third party device 350 (and/or the software used by such systems) can refer to a back end of system 300 operated by an operator and/or administrator of system 300, and user device 340 (and/or the software used by such systems) can refer to a front end of system 300 used by one or more users 380. In some embodiments, user 380 can also be referred to as a customer, in which case, user device 340 can be referred to as a customer device. In these or other embodiments, the operator and/or administrator of system 300 can manage system 300, the processing module(s) of system 300, and/or the memory storage module(s) of system 300 using the input device(s) and/or display device(s) of system 300. In various embodiments, first operator server 320 and second operator server 330 can communicate directly with each other without using internet 370.

In many embodiments, first operator server 320, second operator server 330, and/or third party device 350 can host one or more websites. For example, third party device 350 can host an eCommerce website that allows users to browse and/or search for products, to add products to an electronic shopping cart, and/or to purchase products, in addition to other suitable activities.

Meanwhile, in many embodiments, system server 310, first operator server 320, second operator server 330, user device 340, and/or third party device 350 can also be configured to communicate with one or more databases. In various embodiments, one or more databases can comprise a product database that contains information about products, items, or SKUs (stock keeping units) sold by a retailer. In various embodiments, one or more databases can be stored on one or more memory storage modules (e.g., non-transitory memory storage module(s)), which can be similar or identical to the one or more memory storage module(s) (e.g., non-transitory memory storage module(s)) described above with respect to computer system 100 (FIG. 1). Also, in some embodiments, for any particular database of the one or more databases, that particular database can be stored on a single memory storage module of the memory storage module(s), and/or the non-transitory memory storage module(s) storing the one or more databases or the contents of that particular database can be spread across multiple ones of the memory storage module(s) and/or non-transitory memory storage module(s) storing the one or more databases, depending on the size of the particular database and/or the storage capacity of the memory storage module(s) and/or non-transitory memory storage module(s).

The one or more databases can each comprise a structured (e.g., indexed) collection of data and can be managed by any suitable database management systems configured to define, create, query, organize, update, and manage database(s). Exemplary database management systems can include MySQL (Structured Query Language) Database, PostgreSQL Database, Microsoft SQL Server Database, Oracle Database, SAP (Systems, Applications, & Products) Database, IBM DB2 Database, and/or NoSQL Database.

Meanwhile, communication between system server 310, first operator server 320, second operator server 330, user device 340, third party device 350, and/or the one or more databases can be implemented using any suitable manner of wired and/or wireless communication. Accordingly, system 300 can comprise any software and/or hardware components configured to implement the wired and/or wireless communication. Further, the wired and/or wireless communication can be implemented using any one or any combination of wired and/or wireless communication network topologies (e.g., ring, line, tree, bus, mesh, star, daisy chain, hybrid, etc.) and/or protocols (e.g., personal area network (PAN) protocol(s), local area network (LAN) protocol(s), wide area network (WAN) protocol(s), cellular network protocol(s), powerline network protocol(s), etc.). Exemplary PAN protocol(s) can comprise Bluetooth, Zigbee, Wireless Universal Serial Bus (USB), Z-Wave, etc.; exemplary LAN and/or WAN protocol(s) can comprise Institute of Electrical and Electronic Engineers (IEEE) 802.3 (also known as Ethernet), IEEE 802.11 (also known as WiFi), etc.; and exemplary wireless cellular network protocol(s) can comprise Global System for Mobile Communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Evolution-Data Optimized (EV-DO), Enhanced Data Rates for GSM Evolution (EDGE), Universal Mobile Telecommunications System (UMTS), Digital Enhanced Cordless Telecommunications (DECT), Digital AMPS (IS-136/Time Division Multiple Access (TDMA)), Integrated Digital Enhanced Network (iDEN), Evolved High-Speed Packet Access (HSPA+), Long-Term Evolution (LTE), WiMAX, etc. The specific communication software and/or hardware implemented can depend on the network topologies and/or protocols implemented, and vice versa. In many embodiments, exemplary communication hardware can comprise wired communication hardware including, for example, one or more data buses, such as, for example, universal serial bus(es), one or more networking cables, such as, for example, coaxial cable(s), optical fiber cable(s), and/or twisted pair cable(s), any other suitable data cable, etc. Further exemplary communication hardware can comprise wireless communication hardware including, for example, one or more radio transceivers, one or more infrared transceivers, etc. Additional exemplary communication hardware can comprise one or more networking components (e.g., modulator-demodulator components, gateway components, etc.).

In many embodiments, one or more of first operator server 320 and/or second operator server 330 can host one or more of a source of funds account 321 and/or a destination account 331, respectively. Source account 321 and destination account 331 can each comprise one or more of a bank account, a cryptocurrency wallet, an NFT wallet, or some other electronic mechanism for storing an item of data to be transferred. While source account 321 and destination account 331 are depicted in FIG. 3 as being stored on different servers, it will be understood by a person having ordinary skill in the art that this configuration is not always the case. For example, when source account 321 and destination account 331 are stored at the same institution (e.g., at the same bank), source account 321 and destination account 331 can be stored on the same server.

In many embodiments, the techniques described herein can provide a practical application and several technological improvements. In some embodiments, the techniques described herein can provide for a more secure and private transfer. These techniques described herein can provide a significant improvement over conventional approaches of electronic transfers, such as credit and/or debit cards.

In a number of embodiments, the techniques described herein can solve a technical problem that arises only within the realm of computer networks, as electronic transfers do not exist outside of computer networks.

Turning ahead in the drawings, FIG. 4 illustrates a flow chart for a method 400, according to an embodiment. Method 400 is merely exemplary and is not limited to the embodiments presented herein. Method 400 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the activities of method 400 can be performed in the order presented. In other embodiments, the activities of method 400 can be performed in any suitable order. In still other embodiments, one or more of the activities of method 400 can be combined or skipped. In many embodiments, system 300 (FIG. 3) can be suitable to perform method 400 and/or one or more of the activities of method 400. In these or other embodiments, one or more of the activities of method 400 can be implemented as one or more computer instructions configured to run at one or more processing modules and configured to be stored at one or more non-transitory memory storage modules. Such non-transitory memory storage modules can be part of a computer system such as system server 310, first operator server 320, second operator server 330, user device 340, and/or third party device 350 (FIG. 3). The processing module(s) can be similar or identical to the processing module(s) described above with respect to computer system 100 (FIG. 1).

In many embodiments, method 400 can comprise an activity 401 of receiving a request for a transfer. In some embodiments, a request for a transfer can comprise an initiation of a purchase sequence for one or more goods and/or services. For example, a request for a transfer can comprise a start of a checkout process for a purchase of an item on an eCommerce website. In these or other embodiments, a transfer request can be received from a user device (e.g., user device 340 (FIG. 3)). For example, a transfer request can be received from a user device when a user makes a purchase on an eCommerce website. In further embodiments, a request for a transfer can be received from a third party device (e.g., third party device 350 (FIG. 3)). For example, a request for a transfer can comprise a start request transmitted by the third party device. In these embodiments, the start request can be configured to initiate a transfer application programming interface (API) hosted on a system server (e.g., system server 310 (FIG. 3)). In many embodiments, a start request can be triggered by actions performed by a user on a user device (e.g., user device 340 (FIG. 3)). For example, a start request can be initiated by a user beginning a check-out process on an application or a website of a third party displayed on a user device. In many embodiments, a transfer request can be received from a third party device (e.g., third party device 350 (FIG. 3)). For example, a transfer request can be received from a third party device (e.g., a register) when a user makes a purchase in-person. In many embodiments, a transfer can be from a first source to a destination. For example, a transfer can be between one or more of a bank account, a cryptocurrency wallet, an NFT wallet, etc. In some embodiments, a first source can be different from a destination, and/or the first source can be owned by a different entity than the destination. For example, a first source can comprise a bank account owned by a user while a destination can comprise a merchant account owned by a merchant.

In many embodiments, method 400 can comprise an activity 402 of coordinating displaying at least one transfer method. In some embodiments, a plurality of transfer methods can be displayed on a GUI displayed on an electronic device (e.g., GUI 360 (FIG. 3) or GUI 361 (FIG. 3). For example, when the transfer comprises a transaction, the plurality of transfer methods can comprise different ways of paying for the transaction (e.g., credit card, debit card, and/or a real time payment (RTP) system). In further embodiments, a transfer method can be configured to transfer a digital asset from a source to a destination. For example, a transfer method can be configured to transfer an NFT from one wallet to another wallet. In many embodiments, each transfer method can be associated with one or more sources. For example, when a transfer method comprises a RTP system, one or more source accounts (e.g., a deposit account) connected to the RTP system can be displayed. As another example, when a transfer method comprises a credit card, one or more credit accounts can be displayed. In various embodiments, only eligible accounts can be shown. For example, only accounts registered with an RTP system are shown.

In many embodiments, method 400 can comprise an activity 403 of receiving a selection of at least one transfer method. In various embodiments, a selection can be made by a user on a user device (e.g., user device 340 (FIG. 3)) and/or a third party device (e.g., third party device 350 (FIG. 3)) via a GUI (e.g., GUI 360 (FIG. 3) or GUI 361 (FIG. 3)). In various embodiments, a selection can comprise an interaction with a GUI, as described with reference to FIG. 3. Activity 403 can continue in a number of ways after a selection is received. In many embodiments, when a user is interacting with a third party application installed on an electronic device, a transfer API can search the electronic device for a selected source account application installed on the electronic device. If this source account application is found, it can be run and permissions can be granted for a transfer. For example, when a user is performing a transfer using a merchant application, the transfer API can search for financial institution applications installed on the electronic device and open the financial institution application to obtain permission for the transfer. In these or other embodiments, when a user is interacting with a third party website, a web browsing program can forward the user to a website providing access to a selected source account. For example, when the transfer comprises a transaction on an eCommerce website, the web browsing program can forward the user to a website for the user's bank. In some embodiments, a user is not initially entitled to access the source account after its selection. For example, a user may need to log into the source account before it can be accessed by a transfer API or some other transfer algorithm. In these embodiments, a user can be prompted for credentials (e.g., login and password, biometric information, etc.) before being granted access to the source account. In many embodiments, access to a source account can be denied (e.g., by a user and/or in response to incorrect credentials). In these embodiments, in response to being denied access to a source account, a transfer can be canceled or alternative transfer methods can be displayed on an electronic device (e.g., user device 340 (FIG. 3) or third party device 350 (FIG. 3).

In many embodiments, method 400 can comprise an activity 404 of receiving a token from an operator. In many embodiments, an operator can comprise an individual and/or an entity that holds and/or manages a source of a transfer and/or a destination of the transfer. For example, an operator can be a bank, a cryptocurrency exchange, or an NFT market. In many environments, a token received in activity 404 can be saved and/or copied by a system server (e.g., system server 310 (FIG. 3)). A number of different tokens can be received in activity 404. Generally speaking, a token can be a piece of data carrying enough information to facilitate a process of determining a user's identity and/or authorizing a user to perform an action. In some embodiments, in response to at least a portion of activity 403, an access token can be issued by an operator server (e.g., first operator server 320 (FIG. 3)) and then sent to a server running a transfer API (e.g., system server 310 (FIG. 3)). Generally speaking, an access token can be configured to enable a system server to signal to an operator server that it has received authorization from a user to perform certain tasks or access certain resources (e.g., a source or destination account). In many embodiments, a token can be unique to a specific user and/or a specific account. In many embodiments, an access token can have an expiration date and/or time after which it is no longer usable to provide authentication. Therefore, in various embodiments, a refresh token can be received with an access token. Generally speaking, a refresh token can allow a system server to obtain a renewed access token from an operator server. In many embodiments, a refresh token can enable a server system to successfully request new access tokens until the refresh token is expired. In various embodiments, when one or more of an access token or a refresh token are no longer valid, a user can be prompted to re-login, which is explained in further detail below. One downside to using only an access token is that an access token is a bearer token. In other words, those who hold the access token can use it. The access token then acts as a credential artifact to access protected resources rather than an identification artifact. Malicious users could theoretically compromise a system and steal access tokens, which they in turn could use to access protected resources by presenting those tokens directly to the server. Therefore, a more secure system for transfers can be created by using other security measures in addition to or in place of an access token.

In many embodiments, a payment token can be generated for the transaction. Generally speaking, a payment token can be used to prevent a third party device (e.g., third party device 350 (FIG. 3)) and/or a second operator server (e.g., operator server 330 (FIG. 3)) from gaining a globally useable token. In this way, incidences of fraud, identity theft, and other electronic crimes can be reduced or eliminated. In various embodiments, a payment token can be single use. Once it has been used, the single use token can be discarded (e.g., deleted, caused to be expire, blacklisted, etc.). In various embodiments, a payment token can comprise a payment instrument (e.g., an account number, wallet number, and/or a payment profile ID). For example, an account number associated with source account 321 (FIG. 3) can be used as a payment token. In many embodiments, a payment instrument can be encrypted to create all or a portion of a payment token. In further embodiments, a payment token can be created by and/or received from an operator of a source of a transfer (e.g., operator server 320 (FIG. 3)). In various embodiments, a payment token can be used for transactions with only one third party (e.g., scoped to the third party). Generally speaking, a payment token can be scoped to a third party when I can only be used by the third party. For example, a payment token can be scoped to a third party by assigning a unique identifier (e.g., a user name, account name, etc.) to the third party upon registration. This unique identifier can then be encrypted using a key. In many embodiments, one or more temporary (e.g., short lived, disposable, etc.) token can be replaced by and/or changed into a longstanding (e.g., longer lasting or permanent) token. In various embodiments, this replacement and/or change can occur after a selection by a user. For example, if a user wants to continually make transfers to a third party, then can instruct a system server to generate or convert a token into a long standing token to effectuate a faster transfer. In this way, a scoped payment token can prevent other systems from using the payment token to effectuate transfers from a source.

Additional tokens can be used in activity 404 or other activities of method 400. For example, a token described in U.S. Provisional Application Ser. No. 63/192,182, which is incorporated herein by this reference in its entirety, describes a system and method using a suitable token.

In many embodiments, method 400 can comprise an activity 405 of transferring a token to a third party. In many embodiments, activity can be performed by a system server (e.g., system server 310 (FIG. 3)). In these or other embodiments, third party device 350 (FIG. 3) can receive a token. A number of things can occur after and/or in response to and/or as a part of activity 405. For example, when a transaction is being performed via a website, a device displaying the website (e.g., user device 340 (FIG. 3) and/or third party device 350 (FIG. 3)) can be forwarded to a transfer details website. As another example, when a transaction is being performed via an application, a device displaying the application's GUI (e.g., user device 340 (FIG. 3) and/or third party device 350 (FIG. 3)) can be forwarded to a transfer details GUI. Once the transfer details are displayed, a user and/or the third party can review and confirm these details on a website or via an application's GUI.

In many embodiments, method 400 can comprise an activity 406 of receiving a token and transfer details from a third party. In various embodiments, a third party server (e.g., third party device 350 (FIG. 3)) can transmit a transfer token and/or transfer details to a system server (e.g., system server 310 (FIG. 3)). In many embodiments, activity 406 can be performed via a system server API installed on one or more of a third party device and/or a user device. In these or other embodiments, security data about a third party, a user, a user device, and/or a third party device can be collected and transmitted in activity 406. In various embodiments, the security data can be captured by a system server API installed on the respective device. In further embodiments, security data can comprise a transaction history, a fraudulent activity history, and many other data points. In many embodiments, the received token can be compared to a previously saved token. If these tokens match, a transfer can proceed, but if they are different, the transfer can be cancelled.

In many embodiments, method 400 can comprise an activity 407 of determining a fraud risk score. In various embodiments, a fraud risk score can be determined using security data collected as a part of activity 406. A number of risk score algorithms and systems can be used in activity 407. For example, a risk score system and method described in U.S. Provisional Application Ser. No. 63/192,979, which is incorporated herein by this reference in its entirety, describes a system and method using a suitable fraud risk scoring algorithm.

In many embodiments, method 400 can comprise an activity 408 of facilitating a transfer. In various embodiments, a transfer can be facilitated in response to a fraud risk score being above, below, or equal to a predetermined value. In some embodiments, a transfer can be completed in real-time after a fraud risk score is determined to be above, below, or equal to a predetermined value. In further embodiments, a transfer can be made from a source (e.g., source of funds 321 (FIG. 3)) to a destination account (e.g., destination account 331 (FIG. 3)). Facilitating a transfer can incorporate all or a portion of one or more optional activities, as described in further detail below.

In some embodiments, method 400 can optionally comprise activity 409 of transmitting transaction details and a fraud risk score. In various embodiments, activity 409 can be performed as a part of or entirely separate from activity 408. In further embodiments, previously collected security data can also be transmitted in place of or in addition to a fraud risk score. In some embodiments, transaction details and/or a fraud risk score can be transmitted to one or more operator servers (e.g., operator servers 320, 330 (FIG. 3)). In this way, one or more operator servers can perform their own due diligence and/or security checks on a transfer. For example, operator server 320 (FIG. 3) can ingest the transferred data and perform its own risk analysis, validate that a source account is capable of completing the transfer (e.g., is the source account open, does it have sufficient funds, etc.), and/or apply any exceptions that allow the transfer to be completed (e.g., applying overdraft protection to facilitate the transfer, applying a credit to the source account to facilitate the transfer, etc.).

In some embodiments, method 400 can optionally comprise activity 410 of receiving a request for a re-login. In many embodiments, a request for a re-login can be received when a source account fails one or more due diligence and/or security checks performed by an operator server (e.g., operator servers 320, 330 (FIG. 3)). Generally speaking, a request for a re-login can function much like or comprise an out of bound authentication for a user device. For example, a one-time password can be created for a user account hosted by one or more of a system server (e.g., system server 310 (FIG. 3)) and/or an operator server (e.g., operator servers 320, 330 (FIG. 3)). As another example, a user can be forced to reset a password created for a user account hosted by one or more of a system server (e.g., system server 310 (FIG. 3)) and/or an operator server (e.g., operator servers 320, 330 (FIG. 3)).

In some embodiments, method 400 can optionally comprise activity 411 of receiving a re-login. In many embodiments, a re-login can be received from a user device (e.g., user device 340 (FIG. 3)). For example, a re-login can be received from a user device when a transfer is being completed via an application installed on the user device and/or a website of a third party displayed on the user device. In these or other embodiments, a re-login can be received from a third party device (e.g., third party device 350 (FIG. 3)). For example, when a user is performing a transfer in person, they can re-login via a third party device.

In some embodiments, method 400 can optionally comprise activity 412 of invoking a transfer API. In many embodiments, activity 412 can be performed as a part of one or more of activities 401 and/or 408. A number of different transfer APIs can be invoked in method 400. For example, a transfer API of a system server can be invoked. Generally speaking, a system server transfer API can be configured to initiate aspects of a transfer performed by a system server (e.g., system server 310 (FIG. 3)). This system server transfer API can be stored in a number of different systems. For example, a system server transfer API can be stored as a part of a software application and/or stored on a system server (e.g., system server 310 (FIG. 3)). When a system server transfer API is stored on a system server, it can be invoked via transmissions over a network (e.g., internet 370 (FIG. 3)) from one or more other devices (e.g., user device 340 (FIG. 3) and/or third party device 350 (FIG. 3)). In many embodiments, a transfer API can comprise an operator transfer API. In various embodiments, an operator transfer API can be configured to initiate aspects of a transfer performed by an operator server (e.g., operator server 320, 330 (FIG. 3)). In many embodiments, a transfer can be facilitated using electronic transmission over an RTP network (e.g., the Zelle® RTP network, Zelle® cleared through FedNow). In these embodiments, a transfer API can access a directory shared between a system server (e.g., system server 310 (FIG. 3)) and an operator server (e.g., operator servers 320, 330 (FIG. 3)).

Generally speaking, a server hosing a shared directory (e.g., system server 310) can be configured to act as an intermediary between one or more operator servers (e.g., operator server 320, 330 (FIG. 3)). In various embodiments, a shared directory can be used to act as an intermediary without its host accessing or hosting a source and/or a destination. In many embodiments, a shared directory can comprise one or more databases containing one or more elements of one or more tokens described herein. In various embodiments, the shared directory can associate the one or tokens with one or more unique identifiers. For example, one or more elements of a payment token can be stored in a shared directory. In various embodiments, an operator server hosting a source (e.g., operator server 320 (FIG. 3)) can initiate a transfer by transmitting one or more transaction details and/or one or more portions of a token to a server hosting the shared directory (e.g., system server 310 (FIG. 3)). The host of the shared directory can then verify that the one or more portions of the token are authentic. In further embodiments, after a token has been authenticated, transaction details committed to a shared directory can be pushed by a system server (e.g., system server 310 (FIG. 3)) to an operator server hosting a destination account (e.g., operator server 330 (FIG. 3)). In further embodiments, an operator server hosting a destination account can confirm with a system server that a transfer has been completed or not completed. This completion status can then be shared by the system server with one or more of a user device (e.g., user device 340 (FIG. 3)) and/or an operator server hosting a source (e.g., operator server 320 (FIG. 3)).

In some embodiments, method 400 can optionally comprise activity 413 of coordinating displaying a transfer completion message. In various embodiments, activity 413 can be performed as a part of or after activity 408. A number of different entities and/or devices can display a transfer completion message. For example, a transaction completion message can be displayed on one or more of a user device (e.g., user device 340 (FIG. 3)) and/or a third party device (e.g., third party device 350 (FIG. 3)). In various embodiments, a system server (e.g., system server 310 (FIG. 3)) can forward a transaction completion message to an intermediary server for display on a different device. For example, a system server can forward a transfer completion message to an operator server ((e.g., operator servers 320, 330 (FIG. 3)), which can then forward the transfer completion message to a display device (e.g., user device 340 (FIG. 3) or (e.g., third party device 350 (FIG. 3)). In many embodiments, a transfer completion message can be displayed on a display device via a website and/or a software application installed on a display device.

Turning ahead in the drawings, FIG. 5 illustrates a block diagram of a system 500 that can be employed for behavior based messaging. System 500 is merely exemplary and embodiments of the system are not limited to the embodiments presented herein. System 500 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, certain elements or modules of system 500 can perform various procedures, processes, and/or activities. In these or other embodiments, the procedures, processes, and/or activities can be performed by other suitable elements or modules of system 500.

Generally, therefore, system 500 can be implemented with hardware and/or software, as described herein. In some embodiments, part or all of the hardware and/or software can be conventional, while in these or other embodiments, part or all of the hardware and/or software can be customized (e.g., optimized) for implementing part or all of the functionality of system 500 described herein.

In many embodiments, system 500 can comprise non-transitory memory storage module 501. Memory storage module 501 can be referred to as request receiving module 501. In many embodiments, request receiving module 501 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 401 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 502. Memory storage module 502 can be referred to as transfer method displaying module 502. In many embodiments, transfer method displaying module 502 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 402 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 503. Memory storage module 503 can be referred to as selection receiving module 503. In many embodiments, selection receiving module 503 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 403 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 504. Memory storage module 504 can be referred to as operator token receiving module 504. In many embodiments, operator token receiving module 504 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 404 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 505. Memory storage module 505 can be referred to as third party transferring module 505. In many embodiments, third party transferring module 505 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 405 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 506. Memory storage module 506 can be referred to as third party receiving module 506. In many embodiments, third party receiving module 506 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 406 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 507. Memory storage module 507 can be referred to as fraud risk score determining module 507. In many embodiments, fraud risk score determining module 507 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 405 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 508. Memory storage module 508 can be referred to as transfer facilitating module 508. In many embodiments, transfer facilitating module 508 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 408 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 509. Memory storage module 509 can be referred to as transfer details transmitting module 509. In many embodiments, transfer details transmitting module 509 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 409 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 510. Memory storage module 510 can be referred to as re-login request receiving module 510. In many embodiments, re-login request receiving module 510 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 410 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 511. Memory storage module 511 can be referred to as re-login receiving module 511. In many embodiments, re-login receiving module 511 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 411 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 512. Memory storage module 512 can be referred to as transfer API invoking module 512. In many embodiments, transfer API invoking module 512 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 412 (FIG. 4)).

In many embodiments, system 500 can comprise non-transitory memory storage module 513. Memory storage module 513 can be referred to as transfer completion message displaying module 513. In many embodiments, transfer completion message displaying module 513 can store computing instructions configured to run on one or more processing modules and perform one or more acts of method 400 (FIG. 4) (e.g., activity 413 (FIG. 4)).

Turning ahead in the drawings, FIG. 6 illustrates a block diagram of a system 600 that can be employed for secure electronic transfers, as described in greater detail below. System 600 is merely exemplary and embodiments of the system are not limited to the embodiments presented herein. System 600 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, certain elements or modules of system 600 can perform various procedures, processes, and/or activities. In these or other embodiments, the procedures, processes, and/or activities can be performed by other suitable elements or modules of system 600.

Generally, therefore, system 600 can be implemented with hardware and/or software, as described herein. In some embodiments, part or all of the hardware and/or software can be conventional, while in these or other embodiments, part or all of the hardware and/or software can be customized (e.g., optimized) for implementing part or all of the functionality of system 600 described herein. In many embodiments, system 600 can be similar, or identical, to system 300 (FIG. 3), and part or all of the hardware and/or software of system 600 can be similar, or identical, to the hardware and/or software of system 300 (FIG. 3).

In a number of embodiments, system 600 can include one or more of a system 610, a payor financial institution system 620, a payee financial institution system 630, a payor device 640, and/or a payee system 660. System 610 can be similar, or identical, to third system server 310 (FIG. 3). Payor financial institution system 620 can be similar, or identical, to first operator server 320 (FIG. 3). Payee financial institution system 630 can be similar, or identical, to second operator server 330 (FIG. 3). Payor device 640 can be similar, or identical, to user device 340 (FIG. 3). Payee system 660 can be similar, or identical, to third party device 350 (FIG. 3).

In various embodiments, system 610, payor financial institution system 620, payee financial institution system 630, payor device 640, and/or payee system 660 can each be a computer system, such as computer system 100 (FIG. 1), as described above, and can each be a single computer, a single server, or a cluster or collection of computers or servers, or a cloud of computers or servers. For example, payee system 660 can comprise a register or some other type of transaction processing machine, such as an eCommerce website or an online retailer server. Payor device 640 can include a mobile device or a personal computer. In some embodiments, a single computer system can host each of two or more of system 610, payor financial institution system 620, payee financial institution system 630, payor device 640, and/or payee system 660. Additional details regarding system 610, payor financial institution system 620, payee financial institution system 630, payor device 640, and/or payee system 660 are described herein.

In many embodiments, system 600 can comprise one or more user interfaces. In some embodiments, payor device 640 can include and/or be configured to display a user interface 641 that can be similar, or identical to GUI 360 (FIG. 3). A user interface (e.g., user interface 641) can be displayed on a user device (e.g., payor device 640) and be configured to allow a user (e.g., payor 650 or a customer) to perform various activities, such as to log into a server (e.g., payor financial institution system 620, payee system 660, etc.), to manage, to transfer funds in or out of, and/or to pay bills from one or more of the user's accounts maintained at the server (e.g., payor account(s) 621 of payor 650 at payor financial institution system 620, payee account 631 at payee system 660), and/or to browse and/or search for products, to add products to an electronic shopping cart, and/or to purchase products, in addition to other suitable activities at the server (e.g., payee system 660).

In many embodiments, system 610, payor financial institution system 620, payee financial institution system 630, payor device 640, and/or payee system 660 can each comprise one or more input devices and/or one or more display devices. The one or more input devices and/or one or more display devices can each be similar or identical to any one of the input devices and/or display devices described herein.

In many embodiments, system 610, payor financial institution system 620, payee financial institution system 630, payor device 640, and/or payee system 660 can be configured to communicate with one another. In some embodiments, system 610, payor financial institution system 620, payee financial institution system 630, payor device 640, and/or payee system 660 can communicate or interface (e.g., interact) with each other through a network or internet 680. Internet 680 can be similar, or identical to, internet 370 (FIG. 3). Internet 680 can be an intranet that is not open to the public.

Internet 680 also can be a mesh network of individual systems. Internet 680 further can comprise a real time payment (RTP) network, such as The Clearing House RTP network and/or the Zelle® network.

In a number of embodiments, system 610, payor financial institution system 620, payee financial institution system 630, payor device 640, and/or payee system 660 can each communicate with one or more databases. The one or more databases can include a product database that contains information about products, items, or SKUs sold by a retailer (e.g., payee system 660), or a user database that contains information about customers, including identity, transfer or payment methods, and/or transaction or order history, etc.

In many embodiments, payor financial institution system 620 and/or payee financial institution system 630 can each host one or more accounts (e.g., payor account(s) 621, or payee account 631). Payor account(s) 621 can be similar or identical to source account 321 (FIG. 3). Payee account 631 can be similar or identical to destination account 331 (FIG. 3). For example, payor account(s) 621 and/or can include one or more check accounts, saving accounts, brokerage accounts, cryptocurrency accounts, etc.

Turning ahead in the drawings, FIG. 7 illustrates a flow chart for a method 700, according to an embodiment. Method 700 is merely exemplary and is not limited to the embodiments presented herein. Method 700 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the activities of method 700 can be performed in the order presented. In other embodiments, the activities of method 700 can be performed in any suitable order. In still other embodiments, one or more of the activities of method 700 can be combined or skipped. In many embodiments, system 300 (FIG. 3), system 500 (FIG. 5), and/or system 600 (FIG. 6) can be suitable to perform method 700 and/or one or more of the activities of method 700. In a number of embodiments, some or all of the activities of method 700 can be similar or identical to one or more activities of method 400 (FIG. 4).

In many embodiments, method 700 can comprise an activity 710 of receiving, from a payee system (e.g., payee system 600 (FIG. 6)) for a payee (e.g., payee 670 (FIG. 6)), a request for a transfer from a payor (e.g., payor 650 (FIG. 6)) to the payee. In some embodiments, the request for the transfer can be part of a purchase sequence for one or more goods and/or services. For example, a request for a transfer can initiate an electronic fund transfer in a checkout process for a purchase of an item on an eCommerce website (e.g., payee system 600 (FIG. 6)). The request can be generated or forwarded by the payee system (e.g., payee system 600 (FIG. 6)). The request can be generated after a consumer chooses a payment method (e.g., a real-time electronic fund transfer, or a Zelle® payment) and authorizes the transfer via a consumer device of the consumer (e.g., payor device 640 (FIG. 6) of payor 650 (FIG. 6)). In some embodiments, activity 710 can include one or more activities similar or identical to any of activities 401, 402, and/or 403 (FIG. 4) for the consumer to choose the payment method before receiving the request for the transfer from the payee system. The consumer can choose this checkout process with or without registering with, and/or logging into any user account of, the payee system or the system performing method 700. For example, the checkout process can include the payor checking out as a guest for the payee system.

In some embodiments, method 700 further can include an activity 720 of causing the payor device (e.g., payor device 640 (FIG. 6)) of the payor (e.g., payor 650 (FIG. 6)) to display a plurality of candidate financial institutions (e.g., system payor financial institution system 620 (FIG. 6)) for the payor to determine a payor financial institution of the plurality of candidate financial institutions for the transfer. The payor device can display the plurality of candidate financial institution on a user interface (e.g., user interface 641 (FIG. 6)) executed on the payor device. For example, the plurality of candidate financial institutions can be the banks that support the payment method chosen at activity 710. In certain embodiments, activity 720 further can include determining where there is no more than one candidate financial institution for the payment method for the payee, and then selecting the payor financial institution for the transfer without causing the payor device to display the candidate financial institution.

In a number of embodiments, method 700 further can include an activity 730 of causing a payor device (e.g., payor device 640 (FIG. 6)) to display an authorization user interface (e.g., user interface 621 (FIG. 6)) for the payor (e.g., payor 650 (FIG. 6)) to authorize the payor financial institution (e.g., system payor financial institution system 620 (FIG. 6)) to grant an access code to the system performing method 700 (e.g., system 600 (FIG. 6)). In many embodiments, activity 720 further can include, before authorizing the granting of the access code, causing the payor device to display the authorization user interface or another user interface to prompt the payor to log into a payor user account of the payor financial institution. In some embodiments, the access code can be issued by the payor financial institution and transmitted directly or indirectly to the system for method 700. For example, the access code can be transmitted to the system for method 700 directly from the payor financial institution. The access code also can be transmitted to the payor device for the payor device to forward the access code to the system. The access code further can be stored, by the payor financial institution or the payor device, in a shared directory for the system for method 700 to access. The shared directory can be similar or identical to the shared directory described above. Furthermore, the access code can have an expiration date and/or time and/or be uniquely associated with the system for method 700 in order to ensure security of the checkout or transfer process. In some embodiments, activity 730 further can include an activity 731 (as a subpart of activity 730 or as a subsequent activity to activity 730) of validating that the access code is authentic.

In some embodiments, method 700 further can include an activity 740 of requesting, from the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)), one or more eligible payor accounts (e.g., payor account(s) 621 (FIG. 6)) owned by the payor (e.g., payor 650 (FIG. 6)) and maintained by the payor financial institution. The one or more eligible payor accounts can be pre-authorized by the payor for the transfer. For example, a payor can register one or more accounts at the payor financial institution (e.g., one or more checking accounts) with the Zelle® payment network, via the payor financial institution or directly with a Zelle® server, before the payor can check out at a payee system (e.g., an eCommerce website, or payee financial institution system 630 (FIG. 6)) using the Zelle® payment as a payment method. Activity 740 further can include obtaining information (e.g., an account type, an account nickname, an account number or a part thereof, and/or a balance, etc.) of each of the one or more eligible payor accounts.

In some embodiments, method 700 further can include an activity 750 of causing the payor device (e.g., payor device 640 (FIG. 6)) to display the one or more eligible payor accounts (e.g., payor account(s) 621 (FIG. 6)) for the payor (e.g. 650 (FIG. 6)) to determine a selected payor account of the one or more eligible payor accounts for the transfer. The payor device can include a user interface (e.g., user interface 641 (FIG. 6)) that is similar or identical to the authorization user interface for displaying the one or more eligible payor accounts. In certain embodiments, the payor device further can display information (e.g., an account type, an account number or a part thereof, and/or a balance, etc.) of each of the one or more eligible payor accounts. In certain embodiments, activity 750 further can include determining where there is only one eligible payor account at the payor financial institution for the payor, and then selecting the payor account at the payor financial institution for the transfer without displaying the one or more eligible payor accounts and also without receiving a selected payor account.

In some embodiments, method 700 further can include an activity 760 of determining a fraud risk score for the transfer. Activity 760 can include any suitable algorithms or techniques and/or use any suitable hardware or software for determining the fraud risk score. For example, activity 760 further can include an activity 761 of analyzing a transfer history of the payee (e.g., payee 670 (FIG. 6)). Activity 761 can be a subpart of activity 730 or a subsequent activity to activity 730. The transfer history of the payee can include one or more prior transfers to or from the payee, the Internet Protocol (“IP”) address or any identifier of the device(s) (e.g., payee system 660 (FIG. 6)) used by the payee for each prior transfer, the amount of each prior transfer, any claims against the payee for the prior transfers, etc. (e.g., payee 670 (FIG. 6)). In several embodiments, activity 760 further can include determining the fraud risk score for the transfer based at least in part on risk data and/or risk scores obtained from one or more external sources (e.g., credit bureaus, fraud bureaus, public or private databases for criminal records, etc.).

In some embodiments, method 700 further can include an activity 770 of transmitting to a payee financial institution (e.g., payee financial institution system 630 (FIG. 6)) for the payee (e.g., payee 670 (FIG. 6)), the fraud risk score. In a number of embodiments, the payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account (e.g., 631 (FIG. 6)) for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution. The transfer decision can include an approval and/or denial of the transfer. Activity 770 further can include transmitting additional information to the payee financial institution. For example, the additional information can include the risk data (e.g., abnormalities in the transaction history of the payee and/or complaints against the payee) and/or the algorithm(s) or risk model(s) used at activity 760 to determine the fraud risk score. In several embodiments, the payee financial institution can adopt any suitable rules to determine whether and how to use the fraud risk score to make the transfer decision. For example, the payee financial institution can be configured to determine that the transfer decision includes an approval for the transfer when the fraud risk score determined at activity 760 is above a threshold and thus acceptable. The fraud risk score can be a factor or not be part of any factor(s) for determining the transfer decision. In certain embodiments, the payee financial institution can either rely solely on the fraud risk score received from activity 770 or ignore the fraud risk score entirely for determining the transfer decision.

In many embodiments, the payee financial institution further can use any suitable algorithms, techniques, risk models, and/or risk data to determine a second risk score for the transfer. The algorithm(s), technique(s), risk model(s), and/or risk data used by the payee financial institution can be similar to or different than the algorithm(s), technique(s), risk model(s), and/or risk data used at activity 760.

In some embodiments, method 700 further can include an activity 780 of when the transfer decision, as determined at activity 770, comprises an approval of the transfer by the payee financial institution (e.g., payee financial institution system 630 (FIG. 6)), facilitating the transfer from the selected payor account (e.g., payor account(s) 621 (FIG. 6)) to the payee account (e.g., payee account 631 (FIG. 6)). Activity 780 can be configured to facilitate the transfer only when the transfer decision by the payee financial institution (e.g., payee financial institution system 630 (FIG. 6)) at activity 770 includes an approval of the transfer. In a number of embodiments, activity 780 further can include an activity 781 of transmitting, to the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)), the fraud risk score for the payor financial institution to determine a second transfer decision before the payor financial institution debits the fund for the transfer from the selected payor account. Activity 781 can be a subpart of activity 780 or a subsequent activity to activity 780. The payor financial institution can determine the second transfer decision in any suitable ways, including using or not using any suitable hardware, software, algorithms, and/or techniques, and/or based or not based on any suitable fraud risk score(s) and/or risk data, including the fraud risk data transmitted at activity 781.

Turning ahead in the drawings, FIG. 8 illustrates a flow chart for a method 800, according to an embodiment. Method 800 is merely exemplary and is not limited to the embodiments presented herein. Method 800 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the activities of method 800 can be performed in the order presented. In other embodiments, the activities of method 800 can be performed in any suitable order. In still other embodiments, one or more of the activities of method 800 can be combined or skipped. In many embodiments, system 300 (FIG. 3), system 500 (FIG. 5), and/or system 600 (FIG. 6) can be suitable to perform method 800 and/or one or more of the activities of method 800. In a number of embodiments, some or all of the activities of method 800 can be similar or identical to one or more activities of method 700 (FIG. 7).

In many embodiments, method 800 can comprise an activity 810 of obtaining, from the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)), an access token associated with the payor (e.g., payor 650 (FIG. 6)) and a refresh token associated with the access token. Activity 810 further can include before obtaining the access token and refresh token, causing a payor device (e.g., payor device 640 (FIG. 6)) to display an authorization user interface (e.g., user interface 641 (FIG. 6)) for the payor to log into a payor user account at the payor financial institution and/or to authorize the payor financial institution to grant an access code. In some embodiments, activity 810 additionally can include at least one of: (a) verifying, by the payor financial institution, the access code before issuing, by the payor financial institution, the access token and/or the refresh token; or (b) issuing, by the payor financial institution, the access token and/or the refresh token based on the access code.

In many embodiments, the access token and/or the refresh token here can be similar or identical to the access token and/or the refresh token described above. The access token and/or the refresh token each can include a respective expiration date and/or time. The access token and the refresh token can be valid when they are first issued by the payor financial institution. When the respective expiration date and/or time is up, the access token and/or the refresh token can become invalid. The access token, if valid, can be configured to enable the access of protected resources of the payor at the payor financial institution. The refresh token can enable the renewal of the access token, until the expiration date and/or time of the refresh token occurs.

In a number of embodiments, method 800 further can include an activity 820 of determining whether the access token is expired. Activity 820 can be implemented by the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)) and/or the system performing method 800 (e.g., system 610 (FIG. 6)). In many embodiments, when activity 820 determines that the access token is not expired, method 800 can include performing one or more other activities that are related or unrelated to the access of the payor's protected resources at the payor financial institution (e.g., activities 740, 750, 760, 761, 770, 780, and/or 781 (FIG. 7)). When activity 820 determines that the access token is already expired, any activities of method 800 that are related to the access of the payor's protected resources at the payor financial institution cannot continue until the access token is renewed or reissued.

In a number of embodiments, method 800 further can include an activity 830 of determining whether the refresh token is expired. Activity 830 be implemented by the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)) and/or the system performing method 800 (e.g., system 610 (FIG. 6)). In some embodiments, when the access token, as determined at activity 820, is expired and when activity 830 determines that the refresh token is not expired, method 800 can determine that the access token is still renewable. When activity 830 determines that the refresh token is expired, method 800 can determine that the access token is no longer renewable. In several embodiments, activity 830 further can include before determining whether the refresh token is expired, validating that the refresh token is authentic. Validating the refresh token can be implemented by the system performing method 800 or a host of a shared directory for storing the refresh token as described above, whenever the refresh token is accessed.

In a number of embodiments, method 800 further can include an activity 840 of requesting the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)) to renew the access token. Activity 840 can be performed when the access token, as determined at activity 820, is expired and when the refresh token, as determined at activity 830, is not expired and thus still valid. Activity 840 can be performed without requiring the payor to authorize the payor financial institution to renew the access token.

In a number of embodiments, method 800 further can include an activity 850 of causing the payor device (e.g. payor device 640 (FIG. 6)) of the payor (e.g., payor 650 (FIG. 6)) to display the authorization user interface (e.g., user interface 641 (FIG. 6)) for the payor to authorize the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)) to renew the access token and (optionally) the refresh token. Activity 850 can be performed when both the access token, as determined at activity 820, and the refresh token, as determined at activity 830, are expired. In several embodiments, activity 850 further can include, before the payor authorizes the payor financial institution to renew the access token and the refresh token, causing the payor device to display the authorization user interface or any other user interface to prompt the payor to re-log into the payor user account of the payor financial institution.

Turning ahead in the drawings, FIG. 9 illustrates a flow chart for a method 900, according to an embodiment. Method 900 is merely exemplary and is not limited to the embodiments presented herein. Method 900 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the activities of method 900 can be performed in the order presented. In other embodiments, the activities of method 900 can be performed in any suitable order. In still other embodiments, one or more of the activities of method 900 can be combined or skipped. In many embodiments, system 300 (FIG. 3), system 500 (FIG. 5), and/or system 600 (FIG. 6) can be suitable to perform method 900 and/or one or more of the activities of method 900. In a number of embodiments, some or all of the activities of method 900 can be similar or identical to one or more activities of method 700 (FIG. 7) and/or method 800 (FIG. 8).

In many embodiments, method 900 can comprise an activity 910 of receiving, from a payee system (e.g., payee system 660 (FIG. 6)) for a payee (e.g., payee 670 (FIG. 6)), a request for a transfer from a payor (e.g., payor 650 (FIG. 6)) to the payee. Activity 910 can be similar or identical to, or include similar or identical sub-activities of, activity 710 (FIG. 7). The payor can be associated with a payor user profile of the payee system. In some embodiments, the request for the transfer can be transmitted from the payee system after the payor chooses a transfer method and authorizes a checkout at the payee system (e.g., an eCommerce website). The payor can log into the payee system before authorizing the checkout so that the payor's information, settings, and/or preferences (e.g., the shipping or billing address, the transfer or payment method, the user name, etc.) can be pre-populated in the transfer.

In a number of embodiment, method 900 further can include an activity 920 of causing the payor device (e.g., payor device 640 (FIG. 6)) to display a plurality of candidate financial institutions for the payor (e.g., payor 650 (FIG. 6)) to determine a payor financial institution (e.g., payor financial institution system 620 (FIG. 6)) of the plurality of candidate financial institutions for the transfer. Activity 920 can be similar or identical to 720 (FIG. 7). The plurality of candidate financial institutions can be determined by the payee. In certain embodiments, the payee can be associated with a single candidate financial institution, and activity 920 can be skipped.

In a number of embodiment, method 900 further can include an activity 930 of causing a payor device (e.g., payor device 640 (FIG. 6)) of the payor (e.g., payor 650 (FIG. 6)) to display an authorization user interface (e.g., user interface 641 (FIG. 6)) for the payor to authorize the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)) to grant an access code to the system or one or more processors performing method 900 and/or activity 930 (e.g., system 610 (FIG. 6)). Activity 930 can be similar or identical to 730 (FIG. 7). Activity 930 further can include one or more of: (a) causing the payer device to display the authorization user interface to allow the payor to log into a payor user account at the payor financial institution before authorizing the payor financial institution to grant the access code; and/or (b) validating that the access code is authentic (see, e.g., an activity 731 (FIG. 7)).

In a number of embodiment, method 900 further can include an activity 940 of requesting, from the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)), one or more eligible payor accounts (e.g., payor account(s) 621 (FIG. 6)). Activity 940 can be similar or identical to, or include similar or identical sub-activities of, activity 740 (FIG. 7). The one or more eligible payor accounts can be associated with the payor user account at the payor financial institution. In some embodiments, the payor user account further can be associated with ineligible payor accounts (e.g., brokerage accounts, employer-sponsored pension accounts, etc.).

In a number of embodiment, method 900 further can include an activity 950 of causing the payor device (e.g., payor device 640 (FIG. 6)) to display the one or more eligible payor accounts, and their respective information, for the payor (e.g., payor 650 (FIG. 6)) to determine a selected payor account of the one or more eligible payor accounts (e.g., payor account(s) 621 (FIG. 6)). Activity 950 can be similar or identical to, or include similar or identical sub-activities of, activity 750 (FIG. 7). In certain embodiments, the payor can be associated with a single candidate account at the selected payor financial institution, and activity 950 can be skipped.

In a number of embodiment, method 900 further can include an activity 960 of determining a fraud risk score for the transfer. Activity 960 can be similar or identical to, or include similar or identical sub-activities of, activity 760 (FIG. 7). Activity 960 further can include determining the fraud risk score based at least in part on any suitable risk model(s), including the associated hardware and/or software, and/or by analyzing a transfer history of the payee (e.g., payee 670 (FIG. 6)). For example, activity 960 further can include determining the fraud risk score by using a first risk model.

In a number of embodiment, method 900 further can include an activity 970 of transmitting, to a payee financial institution (e.g., payee financial institution system 630 (FIG. 6)) for the payee (e.g., payee 670 (FIG. 6)), the fraud risk score. The payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account (e.g., payee account 631 (FIG. 6)) for the transfer. The payee account can owned by the payee and maintained by the payee financial institution. Activity 970 can be similar or identical to, or include similar or identical sub-activities of, activity 770 (FIG. 7). In some embodiments, activity 970 further can include determining, by the payee financial institution, the transfer decision based at least in part on a second risk model to determine a second fraud risk score. The second risk model can be similar to or different than the first risk model used in activity 960.

In a number of embodiment, method 900 further can include an activity 980 of, when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account. Activity 980 can be similar or identical to, or include similar or identical sub-activities of, activity 780 (FIG. 7). In several embodiments, activity 980 further can include transmitting, to the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)), the fraud risk score for the payor financial institution to determine a second transfer decision based at least in part on the fraud risk score. The payor financial institution further can be configured to determine the second transfer decision based at least in part on: (a) a third risk model to determine a third fraud risk score; and/or (b) comparing a balance for the selected payor account with a transfer amount for the transfer. The third risk model can be similar to or different than the first risk model used in activity 960 and/or the second risk model used in activity 970.

In a number of embodiment, method 900 further can include an activity 990 of performing one or more post-transfer activities. For example, in some embodiment, activity 990 further can include an activity 991 of generating a transfer token associated with the payor and the payee. Activity 990 also can include an activity 992 of storing transfer data for the transfer at any suitable databases, non-transitory memory storage modules, and/or servers. In many embodiment, activity 990 further can include an activity 993 of transmitting the transfer token to the payee system (e.g., payee system 660 (FIG. 6)). In certain embodiments, one or more of activity 991, activity 992, and/or activity 993 can be performed when a status of the transfer is among a group of various statuses (e.g., “approved”, “sent”, or “successful”).

In many embodiments, method 900 further can include one or more token-based authentication activities each similar or identical to one or more activities of method 800 (FIG. 8). The one or more token-based authentication activities can be performed when method 900 interacts with the payor financial institution (e.g., the payor financial institution system 620 (FIG. 6)) and/or the payee financial institution (e.g., the payor financial institution system 630 (FIG. 6)). For example, activity 940 can include one or more of: (a) obtaining, from the payor financial institution, an access token associated with the payor (e.g., activity 810 (FIG. 8)); (b) obtaining, from the payor financial institution, a refresh token associated with the access token (e.g., activity 810 (FIG. 8)); (c) when the refresh token is valid, requesting the payor financial institution to renew the access token (e.g., activity 840 (FIG. 8)); and/or (d) when the refresh token and the access token are expired, causing the payor device for the payor to display the authorization user interface for the payor to authorize the payor financial institution to renew the access token and the refresh token (e.g., activity 850 (FIG. 8)).

Turning ahead in the drawings, FIG. 10 illustrates a flow chart for a method 1000, according to an embodiment. Method 1000 is merely exemplary and is not limited to the embodiments presented herein. Method 1000 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the activities of method 1000 can be performed in the order presented. In other embodiments, the activities of method 1000 can be performed in any suitable order. In still other embodiments, one or more of the activities of method 1000 can be combined or skipped. In many embodiments, system 300 (FIG. 3), system 500 (FIG. 5), and/or system 600 (FIG. 6) can be suitable to perform method 1000 and/or one or more of the activities of method 1000. In a number of embodiments, some or all of the activities of method 1000 can be similar or identical to one or more activities of methods 700 (FIG. 7), 800 (FIG. 8), and/or 900 (FIG. 9).

In many embodiments, method 1000 can comprise an activity 1010 of receiving, from a payee system (e.g., payee system 660 (FIG. 6)) for a payee (e.g., payee 670 (FIG. 6)), a request for a transfer from a payor (e.g., payor 650 (FIG. 6)) to the payee. The payor can be associated with a payor user profile of the payee system. The request can include a transfer token associated with the payor and the payee.

In a number of embodiments, method 1000 further can include an activity 1020 of retrieving transfer data based on the transfer token. The transfer data can be associated with the transfer token, a payor financial institution (e.g., payor financial institution system 620 (FIG. 6)) for the payor (e.g., payor 650 (FIG. 6)), and a selected payor account (e.g., payor account(s) 621 (FIG. 6)) owned by the payor and maintained by the payor financial institution. The transfer data further can include data about one or more prior transfers from the payor to the payee, such as information about the payor financial institution and/or the selected payor account for a prior transfer, an access token for the payor financial institution and the payor, and/or a refresh token for the access token, etc.

In a number of embodiments, method 1000 further can include an activity 1030 of using the access token of the transfer data to access one or more eligible payor accounts (e.g., payor account(s) 621 (FIG. 6)) owned by the payor (e.g., payor 650 (FIG. 6)) and maintained by the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)). Activity 1040 can be similar or identical to, or include similar or identical sub-activities of, activity 740 (FIG. 7) and/or activity 940 (FIG. 9). In several embodiments, activity 1030 further can include one or more additional activities for the payor to re-select the payor financial institution and/or the selected payor account for the transfer. For example, activity 1030 further can include: (a) causing a payor device for the payor to display a plurality of candidate financial institutions for the transfer, and receiving, from the payor device, a selection of the payor financial institution of the plurality of candidate financial institutions; and/or (b) causing the payor device to display the one or more eligible payor accounts for the payor to determine the selected payor account of the one or more eligible payor accounts for the transfer. Activity 1030 can include automatically prompting or causing the payor to re-select the payor financial institution and/or the selected payor account when encountering certain anomalies. For example, when the payor financial institution is not responding, and/or when the transfer of funds fails because of insufficient funds in the selected payor account.

In many embodiments, method 1000 and/or activity 1030 further can include one or more additional activities for token-based authorization (see, e.g., activity 810, 820, 830, 840, and/or 850 (FIG. 8)). For example, activity 1030 further can include an activity 1031 of determining whether the access token is expired. In some embodiments, activity 1030 also can include obtaining, validating, and/or renewing the access token, etc.

In a number of embodiments, method 1000 further can include an activity 1040 of determining a fraud risk score for the transfer. Activity 1040 can be similar or identical to, or include similar or identical sub-activities of, activity 760 (FIG. 7) and/or activity 960 (FIG. 9). For example, activity 1040 can including activity 1041 of analyzing a transfer history of the payee.

In a number of embodiments, method 1000 further can include an activity 1050 of transmitting, to the payee financial institution (e.g., for the payee), the fraud risk score. The payee financial institution (e.g., payee financial institution system 630 (FIG. 6)) can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about the selected payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution. Activity 1050 can be similar or identical to, or include similar or identical sub-activities of, activity 770 (FIG. 7) and/or activity 970 (FIG. 9).

In a number of embodiments, method 1000 further can include an activity 1060 of, when a transfer decision determined by the payee financial institution (e.g., payee financial institution system 630 (FIG. 6)) to comprises an approval of the transfer, facilitating the transfer from the selected payor account (e.g., payor account(s) 621 (FIG. 6)) to the payee account (e.g., payee account 631 (FIG. 6)). Activity 1060 can be similar or identical to, or include similar or identical sub-activities of, activity 780 (FIG. 7) and/or activity 980 (FIG. 9). For example, activity 1060 further can include an activity 1061 of transmitting, to the payor financial institution (e.g., payor financial institution system 620 (FIG. 6)), the fraud risk score for the payor financial institution to determine a second transfer decision before the payor financial institution debits the fund for the transfer from the selected payor account.

In some embodiments, method 1000 further can include performing post-transfer activities (e.g., activity 990, sub-activity 991, sub-activity 992, and/or sub-activity 993 (FIG. 9)), such as updating the transfer data (e.g., the selected payor account and/or the access token) after facilitating the transfer.

Turning ahead in the drawings, FIG. 11 illustrates a flow chart for a method 1100, according to an embodiment. Method 1100 is merely exemplary and is not limited to the embodiments presented herein. Method 1100 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the activities of method 1100 can be performed in the order presented. In other embodiments, the activities of method 1100 can be performed in any suitable order. In still other embodiments, one or more of the activities of method 1100 can be combined or skipped. In many embodiments, system 300 (FIG. 3), system 500 (FIG. 5), and/or system 600 (FIG. 6) can be suitable to perform method 1100 and/or one or more of the activities of method 1100. In a number of embodiments, some or all of the activities of method 1100 can be similar or identical to one or more activities of method 700 (FIG. 7), 800 (FIG. 8), 900 (FIG. 9), and/or 1000 (FIG. 10).

In many embodiments, method 1100 can comprise an activity 1110 of receiving a request for a transfer from a selected payor account (e.g., payor account(s) 621 (FIG. 6)) of a payor (e.g., payor 650 (FIG. 6)) to a payee (e.g., payee 670 (FIG. 6)). Activity 1110 can be similar or identical to, or include similar or identical sub-activities of, activity 710 (FIG. 7), activity 910 (FIG. 9), and/or activity 1010 (FIG. 10). In some embodiments, the payor can log into the payee system (e.g., payee system 660 (FIG. 6)) before authorizing the transfer and causing the payee system to transmit the request. In similar or different embodiments, the payor can have no payor user account at the payee system or choose not to log in before checking out. The request can include or not include a transfer token that is associated with the payor and the payee.

In a number of embodiments, method 1100 further can include an activity 1120 of determining a fraud risk score for the transfer. The payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution. Determining the fraud risk score can include: (a) analyzing a transfer history of the payee; and/or (b) determining the fraud risk score by using a first risk model. Activity 1120 can be similar or identical to, or include similar or identical sub-activities of, activity 760 (FIG. 7), activity 960 (FIG. 9), and/or activity 1040 (FIG. 10).

In a number of embodiments, method 1100 further can include an activity 1130 of transmitting, to a payee financial institution (e.g., payee financial institution system 630 (FIG. 6)) for the payee (e.g., payee 670 (FIG. 6)), the fraud risk score. Activity 1130 can be similar or identical to, or include similar or identical sub-activities of, activity 770 (FIG. 7), activity 970 (FIG. 9), and/or activity 1050 (FIG. 10). The payee financial institution further can be configured to determine the transfer decision based at least in part on a second risk model to determine a second fraud risk score, and the second risk model can be similar to or different than the first risk model.

In a number of embodiments, method 1100 further can include an activity 1140 of, when a transfer decision by the payee financial institution (e.g., payee financial institution system 630 (FIG. 6)) comprises an approval of the transfer, facilitating the transfer from the selected payor account (e.g., payor account(s) 621 (FIG. 6)) to the payee account (e.g., payee account 631 (FIG. 6)). Activity 1140 can be similar or identical to, or include similar or identical sub-activities of, activity 780 (FIG. 7), activity 980 (FIG. 9), and/or activity 1060 (FIG. 10).

In a number of embodiments, method 1100 and/or activity 1140 further can include an activity 1141 of transmitting, to the payor financial institution, the fraud risk score for the payor financial institution to determine a second transfer decision. The payor financial institution can be further configured to determine the second transfer decision based at least in part on (a) a third risk model to determine a third fraud risk score; and/or (b) comparing a balance for the selected payor account with a transfer amount for the transfer.

In a number of embodiments, method 1100 and/or activity 1140 further can include an activity 1142 of sending transfer information to a payor financial institution (e.g., payor financial institution system 620 (FIG. 6)) to cause the payor financial institution to send a request for payment through a real-time settlement network to the payee financial institution (e.g., payee financial institution system 630 (FIG. 6)) to authorize a real-time credit transfer from the selected payor account (e.g., payor account(s) 621 (FIG. 6)) to the payee account (e.g., payee account 631 (FIG. 6)). The real-time credit transfer can be settled in real-time through the real-time settlement network. The transfer information can include information to identify the payee financial institution and the payee account to the real-time settlement network. The transfer information further can include the fraud risk score. In some embodiments, the transfer information does not include any account number of the payee account.

In many embodiments, method 1100 further can include one or more additional activities. For example, method 1100 can include facilitating an authorization for the payor to authorize the payor financial institution to grant an access code. Method 1100 further can include requesting, from the payor financial institution, one or more eligible payor accounts owed by the payor and maintained by the payor financial institution. Method 1100 also can include causing a payor device of the payor to display the one or more eligible payor accounts for the payor to determine the selected payor account from among the one or more eligible payor accounts for the transfer.

In some embodiments, the one or more additional activities can include token-based authorization (see, e.g., activity 810, 820, 830, 840, and/or 850 (FIG. 8)). For example, method 1100 further can include obtaining, validating, and/or renewing an access token and/or a refresh token, and/or determining whether the access token and/or the refresh token are expired.

Turning ahead in the drawings, FIG. 12 illustrates a flow chart for a method 1200, according to an embodiment. Method 1200 is merely exemplary and is not limited to the embodiments presented herein. Method 1200 can be employed in many different embodiments or examples not specifically depicted or described herein. In some embodiments, the activities of method 1200 can be performed in the order presented. In other embodiments, the activities of method 1200 can be performed in any suitable order. In still other embodiments, one or more of the activities of method 1200 can be combined or skipped. In many embodiments, system 300 (FIG. 3), system 500 (FIG. 5), and/or system 600 (FIG. 6) can be suitable to perform method 1200 and/or one or more of the activities of method 1200. In a number of embodiments, some or all of the activities of method 1200 can be similar or identical to one or more activities of method 700 (FIG. 7), 800 (FIG. 8), 900 (FIG. 9), 1000 (FIG. 10), and/or 1100 (FIG. 11).

In many embodiments, method 1200 can comprise an activity 1210 of receiving, from a payee system (e.g., payee system 660 (FIG. 6)) for a payee (e.g., payee 670 (FIG. 6)), a request for a transfer from a payor (e.g., payor 650 (FIG. 6)) to the payee. The request can be sent by the payee without the payor selecting to use the system for the transfer. The payor can be associated with a payor user profile of the payee system. The request can include a transfer token associated with the payor and the payee.

In a number of embodiments, method 1200 further can include an activity 1220 of retrieving transfer data based on the transfer token. The transfer data can be associated with the transfer token, a payor financial institution for the payor, and a selected payor account owned by the payor and maintained by the payor financial institution. The transfer data can include an access token for the payor financial institution and the payor. In some embodiments, method 1200 also can include determining the payor financial institution based on the transfer token.

In a number of embodiments, method 1200 further can include an activity 1230 of determining a fraud risk score for the transfer. Activity 1230 further can include an activity 1231 of analyzing a transfer history of the payee. Activity 1230 can be similar or identical to, or include similar or identical sub-activities of, activity 760 (FIG. 7), activity 960 (FIG. 9), activity 1040 (FIG. 10), and/or activity 1120 (FIG. 11).

In a number of embodiments, method 1200 further can include an activity 1240 of transmitting, to a payee financial institution (e.g., payee financial institution system 630 (FIG. 6)) for the payee (e.g., payee 670 (FIG. 6)), the fraud risk score. The payee financial institution can be configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer. The payee account can be owned by the payee and maintained by the payee financial institution. Activity 1240 can be similar or identical to, or include similar or identical sub-activities of, activity 770 (FIG. 7), activity 970 (FIG. 9), activity 1050 (FIG. 10), and/or activity 1130 (FIG. 11).

In a number of embodiments, method 1200 further can include an activity 1250 of, when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account. Activity 1250 can be similar or identical to, or include similar or identical sub-activities of, activity 780 (FIG. 7), activity 980 (FIG. 9), activity 1060 (FIG. 10), and/or 1140 (FIG. 11).

In many of embodiments, method 1200 further can include one or more additional activities. In some embodiments, the one or more additional activities can include token-based authorization (see, e.g., activity 810, 820, 830, 840, and/or 850 (FIG. 8)). For example, method 1100 further can include obtaining, validating, and/or renewing an access token and/or a refresh token, and/or determining whether the access token and/or the refresh token are expired.

In many embodiments, the techniques described herein can provide a practical application and several technological improvements. In some embodiments, the techniques described herein can provide for secure real-time electronic transfer. In several embodiments, the techniques described herein can provide for electronic billing with real-time payment settlement. In a number of embodiments, the techniques described herein can provide for electronic billing with one or more fraud detection processes. These techniques described herein can provide a significant improvement over conventional approaches of electronic transfers, such as credit and/or debit card payments.

In a number of embodiments, the techniques described herein can solve a technical problem that arises only within the realm of computer networks, as electronic transfers do not exist outside of computer networks.

In many embodiments, the techniques described herein can be used continuously at a scale that cannot be handled using manual techniques. For example, the techniques can be applied to millions of transactions daily.

In a number of embodiments, the techniques described herein can solve a technical problem that arises only within the realm of computer networks, as online payment does not exist outside the realm of computer networks. Moreover, the techniques described herein can solve a technical problem that cannot be solved outside the context of computer networks. Specifically, the techniques described herein cannot be used outside the context of computer networks, in view of a lack of ability to settle funds in real-time.

Although systems and methods for secure electronic transfers have been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made without departing from the spirit or scope of the disclosure. Accordingly, the disclosure of embodiments is intended to be illustrative of the scope of the disclosure and is not intended to be limiting. It is intended that the scope of the disclosure shall be limited only to the extent required by the appended claims. For example, to one of ordinary skill in the art, it will be readily apparent that any element of FIGS. 1-12 may be modified, and that the foregoing discussion of certain of these embodiments does not necessarily represent a complete description of all possible embodiments. For example, one or more of the procedures, processes, or activities of FIGS. 4 and 7-12 may include different procedures, processes, and/or activities and be performed by many different modules, in many different orders.

All elements claimed in any particular claim are essential to the embodiment claimed in that particular claim. Consequently, replacement of one or more claimed elements constitutes reconstruction and not repair. Additionally, benefits, other advantages, and solutions to problems have been described with regard to specific embodiments. The benefits, advantages, solutions to problems, and any element or elements that may cause any benefit, advantage, or solution to occur or become more pronounced, however, are not to be construed as critical, required, or essential features or elements of any or all of the claims, unless such benefits, advantages, solutions, or elements are stated in such claim.

Moreover, embodiments and limitations disclosed herein are not dedicated to the public under the doctrine of dedication if the embodiments and/or limitations: (1) are not expressly claimed in the claims; and (2) are or are potentially equivalents of express elements and/or limitations in the claims under the doctrine of equivalents. 

What is claimed is:
 1. A system comprising: one or more processors; and one or more non-transitory computer-readable media storing computing instructions that, when executed on the one or more processors, perform: receiving, from a payee system for a payee, a request for a transfer from a payor to the payee, wherein: the payor is associated with a payor user profile of the payee system; and the request comprises a transfer token associated with the payor and the payee; retrieving transfer data based on the transfer token, wherein: the transfer data is associated with the transfer token, a payor financial institution for the payor, and a selected payor account owned by the payor and maintained by the payor financial institution; and the transfer data comprises an access token for the payor financial institution and the payor; using the access token to access one or more eligible payor accounts owned by the payor and maintained by the payor financial institution, the one or more eligible payor accounts comprising the selected payor account; determining a fraud risk score for the transfer; transmitting, to a payee financial institution for the payee, the fraud risk score, wherein: the payee financial institution is configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer; and the payee account is owned by the payee and maintained by the payee financial institution; and when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account.
 2. The system of claim 1, wherein the computing instructions, when executed on the one or more processors, are further configured to perform one or more of: (a) causing a payor device for the payor to display a plurality of candidate financial institutions for the transfer, the plurality of candidate financial institutions comprising the payor financial institution; and receiving, from the payor device, a selection of the payor financial institution of the plurality of candidate financial institutions; (b) causing the payor device to display the one or more eligible payor accounts for the payor to determine the selected payor account of the one or more eligible payor accounts for the transfer; (c) validating that the transfer token is authentic; or (d) determining whether the access token is expired.
 3. The system of claim 2, wherein the computing instructions, when executed on the one or more processors, are further configured to perform: in response to determining that the access token is expired, one of: (a) causing the payor device to display an authorization user interface for the payor to authorize the payor financial institution to renew the access token; or (b) determining whether a refresh token of the transfer data for the access token is expired; when the refresh token is valid, causing the payor financial institution to renew the access token; and when the refresh token is expired, causing the payor device to display the authorization user interface for the payor to authorize the payor financial institution to renew the access token and the refresh token.
 4. The system of claim 3, wherein the authorization user interface is further configured to allow the payor to log into a payor user account with the payor financial institution, the payor user account being associated with the one or more eligible payor accounts.
 5. The system of claim 2, wherein the computing instructions, when executed on the one or more processors, are further configured to perform: in response to receiving the selection of the payor financial institution or the payor determining the selected payor account, updating the transfer data for the transfer.
 6. The system of claim 1, wherein determining the fraud risk score for the transfer comprises: analyzing a transfer history of the payee.
 7. The system of claim 1, wherein: determining the fraud risk score further comprises: determining the fraud risk score by using a first risk model; and the payee financial institution is further configured to determine the transfer decision based at least in part on a second risk model to determine a second fraud risk score.
 8. The system of claim 1, wherein facilitating the transfer from the selected payor account to the payee account further comprises: transmitting, to the payor financial institution, the fraud risk score for the payor financial institution to determine a second transfer decision based at least in part on the fraud risk score.
 9. The system of claim 8, wherein: determining the fraud risk score further comprises: determining the fraud risk score by using a first risk model; and the payor financial institution is further configured to determine the second transfer decision based at least in part on a third risk model to determine a third fraud risk score.
 10. The system of claim 8, wherein: the payor financial institution is further configured to determine the second transfer decision based at least in part comparing a balance for the selected payor account with a transfer amount for the transfer.
 11. A method implemented via execution of computing instructions configured to run at one or more processors and configured to be stored at non-transitory computer-readable media, the method comprising: receiving, from a payee system for a payee, a request for a transfer from a payor to the payee, wherein: the payor is associated with a payor user profile of the payee system; and the request comprises a transfer token associated with the payor and the payee; retrieving transfer data based on the transfer token, wherein: the transfer data is associated with the transfer token, a payor financial institution for the payor, and a selected payor account owned by the payor and maintained by the payor financial institution; and the transfer data comprises an access token for the payor financial institution and the payor; using the access token to access one or more eligible payor accounts owned by the payor and maintained by the payor financial institution, the one or more eligible payor accounts comprising the selected payor account; determining a fraud risk score for the transfer; transmitting, to a payee financial institution for the payee, the fraud risk score, wherein: the payee financial institution is configured to determine a transfer decision for the transfer based at least in part on the fraud risk score and information about a payee account for the transfer; and the payee account is owned by the payee and maintained by the payee financial institution; and when the transfer decision comprises an approval of the transfer by the payee financial institution, facilitating the transfer from the selected payor account to the payee account.
 12. The method of claim 11 further comprising one or more of: (a) causing a payor device for the payor to display a plurality of candidate financial institutions for the transfer, the plurality of candidate financial institutions comprising the payor financial institution; and receiving, from the payor device, a selection of the payor financial institution of the plurality of candidate financial institutions; (b) causing the payor device to display the one or more eligible payor accounts for the payor to determine the selected payor account of the one or more eligible payor accounts for the transfer; (c) validating that the transfer token is authentic; or (d) determining whether the access token is expired.
 13. The method of claim 12 further comprising: in response to determining that the access token is expired, one of: (a) causing the payor device to display an authorization user interface for the payor to authorize the payor financial institution to renew the access token; or (b) determining whether a refresh token of the transfer data for the access token is expired; when the refresh token is valid, causing the payor financial institution to renew the access token; and when the refresh token is expired, causing the payor device for the payor to display the authorization user interface for the payor to authorize the payor financial institution to renew the access token and the refresh token.
 14. The method of claim 13, wherein the authorization user interface is further configured to allow the payor to log into a payor user account with the payor financial institution, the payor user account being associated with the one or more eligible payor accounts.
 15. The method of claim 12 further comprising: in response to receiving the selection of the payor financial institution or the payor determining the selected payor account, updating the transfer data for the transfer.
 16. The method of claim 11, wherein determining the fraud risk score for the transfer comprises: analyzing a transfer history of the payee.
 17. The method of claim 11, wherein: determining the fraud risk score further comprises: determining the fraud risk score by using a first risk model; and the payee financial institution is further configured to determine the transfer decision based at least in part on a second risk model to determine a second fraud risk score.
 18. The method of claim 11, wherein facilitating the transfer from the selected payor account to the payee account further comprises: transmitting, to the payor financial institution, the fraud risk score for the payor financial institution to determine a second transfer decision based at least in part on the fraud risk score.
 19. The method of claim 18, wherein: determining the fraud risk score further comprises: determining the fraud risk score by using a first risk model; and the payor financial institution is further configured to determine the second transfer decision based at least in part on a third risk model to determine a third fraud risk score.
 20. The method of claim 18, wherein: the payor financial institution is further configured to determine the second transfer decision based at least in part comparing a balance for the selected payor account with a transfer amount for the transfer. 